certificate verify failed: IP address mismatch, certificate is not valid for

[ope wazuh]

Hi ,

i need  help .

i tried to config reviewboard with jenkins (both uses self signed cert )

i export the cert of jenkins on my review-server and added the cert to /etc/ssl/certs

but didn't work .

[Christian Hammond]

Hi,

Python likely isn't trusting the self-signed certificate. The way you trust a cert system-wide depends on the system, and Python may not always look in the same place your Linux distribution expects it.

Please run the following and show me the output. It will provide information on where it's expecting to look for that certificate:

    python3 -c 'import ssl; print(ssl.get_default_verify_paths())'

(If you have multiple versions of Python 3 installed, you may need to specify the exact version that Apache's also using.)

These are the locations that Python is checking for trusted certificates. You may need to either place it in the listed openssl_capath directory, or append it to the end of the path in cafile.

Christian

--
Supercharge your Review Board with Power Pack: https://www.reviewboard.org/powerpack/
Want us to host Review Board for you? Check out RBCommons: https://rbcommons.com/
Happy user? Let us know! https://www.reviewboard.org/users/
---
You received this message because you are subscribed to the Google Groups "Review Board Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/reviewboard/79281a73-4366-4d76-8fc1-8cdacd0e4f3dn%40googlegroups.com.

--

Christian Hammond

President/CEO of Beanbag

Makers of Review Board

[ope wazuh]

Hi,

i took some scrrenshots that can help to identify my problem .

i added the certif on /etc/ssl/certs , /usr/lib/ssl/certs and at the end of /usr/local/lib/python3.8/dist-packages/certifi/cacert.pem

But did not work for me .

i have to note that i have changed the openssl.cnf file (screenshot) cauz i had some probleme with the svn also .

Thanks in advance for your help

[Christian Hammond]

After updating those paths and restarting Apache, do you get the same error?

If so, your certificate or configured host may not be correct, or you may be hitting an OpenSSL bug. In the original screenshot, it shows an "IP address mismatch". The screenshot doesn't show what address you specified or what was in the error, so I can't really guide you too much on that, but if the specified address is an IP address and it doesn't match the certificate, you can hit this.

Alternatively, if it's a hostname that looks like an IP in the front (say, 1.2.3.4.my-domain), you may be hitting a known bug in OpenSSL for IP address verification, and would need to ensure your SSL certificate is using a different hostname.

In either case, the server configured must also match the SSL certificate exactly (i.e., your certificate can't be for a hostname while specifying an IP address in the integration configuration).

Christian

To view this discussion on the web visit https://groups.google.com/d/msgid/reviewboard/4dfa0033-0e43-4475-a1d5-bb8dc71b5b39n%40googlegroups.com.