Adding certificates to truststore?


Nick Klauer

Sep 28, 2017, 1:57:52 PM
to AWX Project
I am trying to install AWX for development purposes / demoing, etc., internally at work, but am not able to get much working, as everything I want to communicate with is behind internally-signed SSL servers.

Is there a way to include a set of trusted certificates that would allow AWX to talk to other systems without getting all of these Peer Not Authenticated errors?

Matthew Jones

Sep 28, 2017, 9:49:56 PM
to Nick Klauer, AWX Project
We don't have a directly supported way to go about this. You can update the container image to add these to the certificate trust store (in /etc/pkg) and then rebuild the image for your use.

This definitely sounds like something that could be automated... if you can generalize it then send us a PR, would love to have it.

On Thu, Sep 28, 2017 at 1:57 PM, Nick Klauer <kla...@gmail.com> wrote:
I am trying to install AWX for development purposes / demoing, etc., internally at work, but am not able to get much working, as everything I want to communicate with is behind internally-signed SSL servers.

Is there a way to include a set of trusted certificates that would allow AWX to talk to other systems without getting all of these Peer Not Authenticated errors?

--
Matt Jones
Principal Software Engineer
Ansible Tower

Nick Klauer

Sep 29, 2017, 9:28:22 AM
to AWX Project
I'll have to take a look at where this would be added. I know that for some other things in-house, I've been able to get by with the following two lines:

COPY additional_certs/* /etc/pki/ca-trust/source/anchors/
RUN update-ca-trust force-enable && update-ca-trust extract && update-ca-trust



On Thursday, September 28, 2017 at 8:49:56 PM UTC-5, Matthew Jones wrote:
We don't have a directly supported way to go about this. You can update the container image to add these to the certificate trust store (in /etc/pkg) and then rebuild the image for your use.

This definitely sounds like something that could be automated... if you can generalize it then send us a PR, would love to have it.
On Thu, Sep 28, 2017 at 1:57 PM, Nick Klauer <kla...@gmail.com> wrote:
I am trying to install AWX for development purposes / demoing, etc., internally at work, but am not able to get much working, as everything I want to communicate with is behind internally-signed SSL servers.

Is there a way to include a set of trusted certificates that would allow AWX to talk to other systems without getting all of these Peer Not Authenticated errors?

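An added example, not part of the original posts and not AWX project code: a pre-build check for the additional_certs/ directory that the two Dockerfile lines in the thread copy into the trust anchors, since every file placed there becomes a root the image trusts. The function names and the 30-day minimum validity are assumptions, and the openssl command-line tool must be installed.

```shell
#!/bin/sh
# Added example: vet PEM files before they are copied into the trust anchors.

# vet_anchor FILE [MIN_DAYS]
# Prints "OK <sha256> <subject>" and returns 0 only if FILE holds exactly one
# certificate, it is a CA, and it stays valid for MIN_DAYS more days
# (default 30, an assumed policy value).
vet_anchor() {
    f=$1
    min_days=${2:-30}

    # A bundle would add every CA inside it; require one certificate per file.
    n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$f" 2>/dev/null || true)
    [ "${n:-0}" -eq 1 ] ||
        { echo "REJECT $f: expected 1 certificate, found ${n:-0}"; return 1; }

    text=$(openssl x509 -in "$f" -noout -text 2>/dev/null) ||
        { echo "REJECT $f: not a parseable certificate"; return 1; }

    # Only CA certificates belong in the anchors directory.
    printf '%s\n' "$text" | grep -q 'CA:TRUE' ||
        { echo "REJECT $f: basicConstraints is not CA:TRUE"; return 1; }

    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$f" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "REJECT $f: expires within $min_days days"; return 1; }

    fp=$(openssl x509 -in "$f" -noout -fingerprint -sha256 | cut -d= -f2)
    subj=$(openssl x509 -in "$f" -noout -subject)
    echo "OK $fp $subj"
}

# vet_dir DIR: non-zero if any file in DIR fails, so the image build can stop.
vet_dir() {
    rc=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        vet_anchor "$f" || rc=1
    done
    return $rc
}
```

Run `vet_dir additional_certs` before the image build and compare each printed fingerprint with the value obtained from the CA's owner out of band.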