Hi,
I am trying to set up integration between our private GitHub Enterprise and Chef Automate using the directions at https://docs.chef.io/integrate_delivery_github.html
But after following:
Create or update the generated CA certificate bundle files located in the /etc/pki/ca-trust/extracted directory hierarchy.
#update-ca-trust extract
When I go to the UI and click on Save, I get the error log:
tail -f /var/log/delivery/delivery/current
2018-06-24_16:33:35.28761 16:33:35.284 [error] SSL: certify: ssl_handshake.erl:1490:Fatal error: unknown ca
2018-06-24_16:33:35.29007 16:33:35.284 [error] Network error when sending a get request to https://git.mycompany.com:443/api/v3/: {conn_failed,{error,{tls_alert,"unknown ca"}}}
So the certs are indeed self-signed certs within our organization, as we are required to do so.
The same configuration works fine with public GitHub, and I don't have to import any certs.
When I issue the command:
#openssl s_client -showcerts -connect git.mycompany.com:443
I get the error:
verify error:num=20:unable to get local issuer certificate
Verify return code: 21 (unable to verify the first certificate)
and:
Certificate chain
0 s:/C=US/O=X.X.X.X/OU=My OU Security/OU=mycompany/OU=Devices/CN=git.mycompany.com
i:/C=US/O=y,y,y,y/OU=x.x.x.x.x/OU=Certification Authorities/OU=ABC CA4
I have tried all variations for the bundle, but simply could not get this to work. I would appreciate any help.
Thanks,