Here is the record of a manual attempt to connect to the machine 0 rsyslogd:
root@juju-machine-0-lxc-8:/var/log/juju# openssl s_client -connect 10.49.4.0:6514 -CAfile ca-cert.pem CONNECTED(00000003) depth=0 O = juju, CN = * verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 O = juju, CN = * verify error:num=27:certificate not trusted verify return:1 depth=0 O = juju, CN = * verify error:num=21:unable to verify the first certificate verify return:1 --- Certificate chain 0 s:/O=juju/CN=* i:/O=juju/CN=juju-generated CA for environment "rsyslog" --- Server certificate -----BEGIN CERTIFICATE----- MIIDSDCCArOgAwIBAgIBADALBgkqhkiG9w0BAQUwRTENMAsGA1UEChMEanVqdTE0 MDIGA1UEAwwranVqdS1nZW5lcmF0ZWQgQ0EgZm9yIGVudmlyb25tZW50ICJyc3lz bG9nIjAeFw0xNTAxMjgwNTI0MDBaFw0yNTAyMDQwNTIzNTlaMBsxDTALBgNVBAoT BGp1anUxCjAIBgNVBAMTASowgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKpH 52wcKtCLnVY8goqRAvBKierpAUHACcakSG34LysAEnVWb+GcKvMRNKOWs38DBkK4 KEdOzNRSgsaShFKg4omlfHDwUyVXOV0NsNM6/jSUcLyhM/KLcvVFEM9a5QNxU+53 H5wPSJEZklm228jRWKeRMnf2IZkfQJndKrLDw1NTAgMBAAGjggF0MIIBcDAOBgNV HQ8BAf8EBAMCAKgwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHQYDVR0OBBYEFOX8AXWM mL1e+9dnPJBGKYHt4HhaMB8GA1UdIwQYMBaAFDJS+w8VL6hM7MZmsEPK7P1MvvHT MIIBBwYDVR0RBIH/MIH8ghxyYXNhbGhhZ3VlLmxjeTAzLmNhbm9uaXN0YWNrghhn aWVuYWgubGN5MDMuY2Fub25pc3RhY2uCF3Jpc2hhLmxjeTAzLmNhbm9uaXN0YWNr ggEqhwQKMQQBhxD+gAAAAAAAAJ6Omf/+/PeYhxD+gAAAAAAAAJ6Omf/+/PeYhxD+ gAAAAAAAAJ6Omf/+/PeYhxD+gAAAAAAAAJ6Omf/+/PeYhxD+gAAAAAAAAJi+3f/+ ZN2QhxD+gAAAAAAAAEjPj//+BuqVhxD+gAAAAAAAAJi+3f/+ZN2QhxD+gAAAAAAA APTGKf/+6bHAhxD+gAAAAAAAABAuT//+1od3MAsGCSqGSIb3DQEBBQOBgQBZ4nmW ZGaj7j0rFSUBzz7njweBH7LpPkcfvetfVE0WMbhBKND+dYH83zAAejBe9QWxdlY+ TiHkf0pEXGLR+R9fKipDcNs3vMaCZYimLgqmPq/hS9YzUf7v0gvkLeqBICFXV/RQ RGrddPFwJG7rKnxX7tbQ93Nxw9S4Yr80OevbsQ== -----END CERTIFICATE----- subject=/O=juju/CN=* issuer=/O=juju/CN=juju-generated CA for environment "rsyslog" --- Acceptable client certificate CA names /O=juju/CN=juju-generated CA for environment "rsyslog" /O=juju/CN=juju-generated CA for environment "rsyslog" --- SSL handshake has read 1295 bytes and written 547 bytes --- New, TLSv1/SSLv3, Cipher is AES256-SHA256 Server public key is 1024 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.2 Cipher : AES256-SHA256 Session-ID: D057E1CB11EA37C70F8C9539E95EE675DB2B3F58A5834CDCEEE48F95464B00F5 Session-ID-ctx: Master-Key: E5F761603E97CE6401F74A4EBF232FF5474DE033D4E0528026B5D1790251758545701294A249DE807D8B7ACC71B05678 Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1423028794 Timeout : 300 (sec) Verify return code: 21 (unable to verify the first certificate) --- ^C root@juju-machine-0-lxc-8:/var/log/juju#
Here is the record of a manual attempt to connect to the machine 0 rsyslogd:
root@juju- machine- 0-lxc-8: /var/log/ juju# openssl s_client -connect 10.49.4.0:6514 -CAfile ca-cert.pem 27:certificate not trusted juju/CN= juju-generated CA for environment "rsyslog" BAgIBADALBgkqhk iG9w0BAQUwRTENM AsGA1UEChMEanVq dTE0 qdS1nZW5lcmF0ZW QgQ0EgZm9yIGVud mlyb25tZW50ICJy c3lz xMjgwNTI0MDBaFw 0yNTAyMDQwNTIzN TlaMBsxDTALBgNV BAoT VBAMTASowgZ8wDQ YJKoZIhvcNAQEBB QADgY0AMIGJAoGB AKpH RAvBKierpAUHACc akSG34LysAEnVWb +GcKvMRNKOWs38D BkK4 g4omlfHDwUyVXOV 0NsNM6/ jSUcLyhM/ KLcvVFEM9a5QNxU +53 RWKeRMnf2IZkfQJ ndKrLDw1NTAgMBA AGjggF0MIIBcDAO BgNV wEwYDVR0lBAwwCg YIKwYBBQUHAwEwH QYDVR0OBBYEFOX8 AXWM t4HhaMB8GA1UdIw QYMBaAFDJS+ w8VL6hM7MZmsEPK 7P1MvvHT /MIH8ghxyYXNhbG hhZ3VlLmxjeTAzL mNhbm9uaXN0YWNr ghhn uY2Fub25pc3RhY2 uCF3Jpc2hhLmxje TAzLmNhbm9uaXN0 YWNr +gAAAAAAAAJ6Omf /+/PeYhxD+ gAAAAAAAAJ6Omf/ +/PeYhxD+ +/PeYhxD+ gAAAAAAAAJ6Omf/ +/PeYhxD+ gAAAAAAAAJi+ 3f/+ gAAAAAAAAEjPj/ /+BuqVhxD+ gAAAAAAAAJi+ 3f/+ZN2QhxD+ gAAAAAAA +6bHAhxD+ gAAAAAAAABAuT/ /+1od3MAsGCSqGS Ib3DQEBBQOBgQBZ 4nmW njweBH7LpPkcfve tfVE0WMbhBKND+ dYH83zAAejBe9QW xdlY+ R9fKipDcNs3vMaC ZYimLgqmPq/ hS9YzUf7v0gvkLe qBICFXV/ RQ X7tbQ93Nxw9S4Yr 80OevbsQ= = /O=juju/ CN=* /O=juju/ CN=juju- generated CA for environment "rsyslog" CN=juju- generated CA for environment "rsyslog" CN=juju- generated CA for environment "rsyslog" 70F8C9539E95EE6 75DB2B3F58A5834 CDCEEE48F95464B 00F5 401F74A4EBF232F F5474DE033D4E05 28026B5D1790251 758545701294A24 9DE807D8B7ACC71 B05678 machine- 0-lxc-8: /var/log/ juju#
CONNECTED(00000003)
depth=0 O = juju, CN = *
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 O = juju, CN = *
verify error:num=
verify return:1
depth=0 O = juju, CN = *
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/O=juju/CN=*
i:/O=
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDSDCCArOgAwI
MDIGA1UEAwwranV
bG9nIjAeFw0xNTA
BGp1anUxCjAIBgN
52wcKtCLnVY8goq
KEdOzNRSgsaShFK
H5wPSJEZklm228j
HQ8BAf8EBAMCAKg
mL1e+9dnPJBGKYH
MIIBBwYDVR0RBIH
aWVuYWgubGN5MDM
ggEqhwQKMQQBhxD
gAAAAAAAAJ6Omf/
ZN2QhxD+
APTGKf/
ZGaj7j0rFSUBzz7
TiHkf0pEXGLR+
RGrddPFwJG7rKnx
-----END CERTIFICATE-----
subject=
issuer=
---
Acceptable client certificate CA names
/O=juju/
/O=juju/
---
SSL handshake has read 1295 bytes and written 547 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA256
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : AES256-SHA256
Session-ID: D057E1CB11EA37C
Session-ID-ctx:
Master-Key: E5F761603E97CE6
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1423028794
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
^C
root@juju-