juju-core

Bug #1417875
Comment #2

Comment 2 for bug 1417875

Revision history for this message

Paul Gear (paulgear) wrote on 2015-02-04:

Here is the record of a manual attempt to connect to the machine 0 rsyslogd:

root@juju-machine-0-lxc-8:/var/log/juju# openssl s_client -connect 10.49.4.0:6514 -CAfile ca-cert.pem
CONNECTED(00000003)
depth=0 O = juju, CN = *
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 O = juju, CN = *
verify error:num=27:certificate not trusted
verify return:1
depth=0 O = juju, CN = *
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/O=juju/CN=*
   i:/O=juju/CN=juju-generated CA for environment "rsyslog"
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDSDCCArOgAwIBAgIBADALBgkqhkiG9w0BAQUwRTENMAsGA1UEChMEanVqdTE0
MDIGA1UEAwwranVqdS1nZW5lcmF0ZWQgQ0EgZm9yIGVudmlyb25tZW50ICJyc3lz
bG9nIjAeFw0xNTAxMjgwNTI0MDBaFw0yNTAyMDQwNTIzNTlaMBsxDTALBgNVBAoT
BGp1anUxCjAIBgNVBAMTASowgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKpH
52wcKtCLnVY8goqRAvBKierpAUHACcakSG34LysAEnVWb+GcKvMRNKOWs38DBkK4
KEdOzNRSgsaShFKg4omlfHDwUyVXOV0NsNM6/jSUcLyhM/KLcvVFEM9a5QNxU+53
H5wPSJEZklm228jRWKeRMnf2IZkfQJndKrLDw1NTAgMBAAGjggF0MIIBcDAOBgNV
HQ8BAf8EBAMCAKgwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHQYDVR0OBBYEFOX8AXWM
mL1e+9dnPJBGKYHt4HhaMB8GA1UdIwQYMBaAFDJS+w8VL6hM7MZmsEPK7P1MvvHT
MIIBBwYDVR0RBIH/MIH8ghxyYXNhbGhhZ3VlLmxjeTAzLmNhbm9uaXN0YWNrghhn
aWVuYWgubGN5MDMuY2Fub25pc3RhY2uCF3Jpc2hhLmxjeTAzLmNhbm9uaXN0YWNr
ggEqhwQKMQQBhxD+gAAAAAAAAJ6Omf/+/PeYhxD+gAAAAAAAAJ6Omf/+/PeYhxD+
gAAAAAAAAJ6Omf/+/PeYhxD+gAAAAAAAAJ6Omf/+/PeYhxD+gAAAAAAAAJi+3f/+
ZN2QhxD+gAAAAAAAAEjPj//+BuqVhxD+gAAAAAAAAJi+3f/+ZN2QhxD+gAAAAAAA
APTGKf/+6bHAhxD+gAAAAAAAABAuT//+1od3MAsGCSqGSIb3DQEBBQOBgQBZ4nmW
ZGaj7j0rFSUBzz7njweBH7LpPkcfvetfVE0WMbhBKND+dYH83zAAejBe9QWxdlY+
TiHkf0pEXGLR+R9fKipDcNs3vMaCZYimLgqmPq/hS9YzUf7v0gvkLeqBICFXV/RQ
RGrddPFwJG7rKnxX7tbQ93Nxw9S4Yr80OevbsQ==
-----END CERTIFICATE-----
subject=/O=juju/CN=*
issuer=/O=juju/CN=juju-generated CA for environment "rsyslog"
---
Acceptable client certificate CA names
/O=juju/CN=juju-generated CA for environment "rsyslog"
/O=juju/CN=juju-generated CA for environment "rsyslog"
---
SSL handshake has read 1295 bytes and written 547 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA256
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : TLSv1.2
    Cipher : AES256-SHA256
    Session-ID: D057E1CB11EA37C70F8C9539E95EE675DB2B3F58A5834CDCEEE48F95464B00F5
    Session-ID-ctx:
    Master-Key: E5F761603E97CE6401F74A4EBF232FF5474DE033D4E0528026B5D1790251758545701294A249DE807D8B7ACC71B05678
    Key-Arg : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1423028794
    Timeout : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
^C
root@juju-machine-0-lxc-8:/var/log/juju#

Here is the record of a manual attempt to connect to the machine 0 rsyslogd:

root@juju-machine-0-lxc-8:/var/log/juju# openssl s_client -connect 10.49.4.0:6514 -CAfile ca-cert.pem
CONNECTED(00000003)
depth=0 O = juju, CN = *
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 O = juju, CN = *
verify error:num=27:certificate not trusted
verify return:1
depth=0 O = juju, CN = *
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/O=juju/CN=*
   i:/O=juju/CN=juju-generated CA for environment "rsyslog"
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDSDCCArOgAwIBAgIBADALBgkqhkiG9w0BAQUwRTENMAsGA1UEChMEanVqdTE0
MDIGA1UEAwwranVqdS1nZW5lcmF0ZWQgQ0EgZm9yIGVudmlyb25tZW50ICJyc3lz
bG9nIjAeFw0xNTAxMjgwNTI0MDBaFw0yNTAyMDQwNTIzNTlaMBsxDTALBgNVBAoT
BGp1anUxCjAIBgNVBAMTASowgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKpH
52wcKtCLnVY8goqRAvBKierpAUHACcakSG34LysAEnVWb+GcKvMRNKOWs38DBkK4
KEdOzNRSgsaShFKg4omlfHDwUyVXOV0NsNM6/jSUcLyhM/KLcvVFEM9a5QNxU+53
H5wPSJEZklm228jRWKeRMnf2IZkfQJndKrLDw1NTAgMBAAGjggF0MIIBcDAOBgNV
HQ8BAf8EBAMCAKgwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHQYDVR0OBBYEFOX8AXWM
mL1e+9dnPJBGKYHt4HhaMB8GA1UdIwQYMBaAFDJS+w8VL6hM7MZmsEPK7P1MvvHT
MIIBBwYDVR0RBIH/MIH8ghxyYXNhbGhhZ3VlLmxjeTAzLmNhbm9uaXN0YWNrghhn
aWVuYWgubGN5MDMuY2Fub25pc3RhY2uCF3Jpc2hhLmxjeTAzLmNhbm9uaXN0YWNr
ggEqhwQKMQQBhxD+gAAAAAAAAJ6Omf/+/PeYhxD+gAAAAAAAAJ6Omf/+/PeYhxD+
gAAAAAAAAJ6Omf/+/PeYhxD+gAAAAAAAAJ6Omf/+/PeYhxD+gAAAAAAAAJi+3f/+
ZN2QhxD+gAAAAAAAAEjPj//+BuqVhxD+gAAAAAAAAJi+3f/+ZN2QhxD+gAAAAAAA
APTGKf/+6bHAhxD+gAAAAAAAABAuT//+1od3MAsGCSqGSIb3DQEBBQOBgQBZ4nmW
ZGaj7j0rFSUBzz7njweBH7LpPkcfvetfVE0WMbhBKND+dYH83zAAejBe9QWxdlY+
TiHkf0pEXGLR+R9fKipDcNs3vMaCZYimLgqmPq/hS9YzUf7v0gvkLeqBICFXV/RQ
RGrddPFwJG7rKnxX7tbQ93Nxw9S4Yr80OevbsQ== 
-----END CERTIFICATE-----
subject=/O=juju/CN=*
issuer=/O=juju/CN=juju-generated CA for environment "rsyslog"
---
Acceptable client certificate CA names   
/O=juju/CN=juju-generated CA for environment "rsyslog"
/O=juju/CN=juju-generated CA for environment "rsyslog"
---
SSL handshake has read 1295 bytes and written 547 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA256
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES256-SHA256
    Session-ID: D057E1CB11EA37C70F8C9539E95EE675DB2B3F58A5834CDCEEE48F95464B00F5
    Session-ID-ctx:
    Master-Key: E5F761603E97CE6401F74A4EBF232FF5474DE033D4E0528026B5D1790251758545701294A249DE807D8B7ACC71B05678
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1423028794
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
^C
root@juju-machine-0-lxc-8:/var/log/juju#