You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
After upgrading to 0.2 (pkg 0.2-202310282127-ubuntu22.04) CA trust stopped working - I mean adding remotes without tokens and api communication, just plain PKI with core.trust_ca_certificates: "true" configure.
Steps to reproduce
install 0.1 incus and configure pki with server/client certificates and server.ca/client.ca
incus remote add name hostname works without asking password
upgrade to 0.2 incus
remove any remote and try to add it again
incus remote add name hostname --debug
DEBUG [2023-11-04T16:03:28Z] Connecting to a remote Incus over HTTPS url="https://hostname:8443"
DEBUG [2023-11-04T16:03:28Z] Sending request to Incus etag= method=GET url="https://hostname:8443/1.0"
Certificate fingerprint: f8adadd08bac1069ecb6317e0285b16d70ca0b472e50b8ae27cb09d1a41eb482
ok (y/n/[fingerprint])? y
DEBUG [2023-11-04T16:03:37Z] Connecting to a remote Incus over HTTPS url="https://hostname:8443"
DEBUG [2023-11-04T16:03:37Z] Sending request to Incus etag= method=GET url="https://hostname:8443/1.0"
Error: Client certificate not found
downgrade to 0.1-202310210536-ubuntu22.04 everything back in working state
Both certificates (client and server) are trusted - tested via openssl verify. Our internal CA is baked into system CA "trust store".
not working table:
client
server
state
0.1
0.2
not working
0.2
0.2
not working
0.2
0.1
ok
0.1
0.1
ok
The text was updated successfully, but these errors were encountered:
Required information
Issue description
After upgrading to 0.2 (pkg 0.2-202310282127-ubuntu22.04) CA trust stopped working - I mean adding remotes without tokens and api communication, just plain PKI with core.trust_ca_certificates: "true" configure.
Steps to reproduce
incus remote add name hostname
works without asking passwordincus monitor on the server side:
incus info (config: part)
other notes
Both certificates (client and server) are trusted - tested via
openssl verify
. Our internal CA is baked into system CA "trust store".not working table:
The text was updated successfully, but these errors were encountered: