Attempting to use the jfrog cli to integrate with an artifactory server, when I get this error
jfrog rt config example-company --url=$ARTIFACTORY_URL --user=$ARTIFACTORY_USER --password=$ARTIFACTORY_PASS
[Info] Encrypting password...
[Error] Get https://artifactory.example.com/api/security/encryptedPassword: x509: certificate signed by unknown authority
Navigating to https://artifactory.example.com/api/security/encryptedPassword in a browser shows that the TLS certificate is valid, however I get a different error:
{
"errors": [
{
"status": 404,
"message": "User not found: bill.gates"
}
]
}
ping commands also return TLS errors
jfrog rt ping --url=https://artifactory.example.com
[Error] Get https://artifactory.example.com/artifactory/api/system/ping: x509: certificate signed by unknown authority
jfrog cli is written in golang. Running version:
go version
go version go1.12.5 darwin/amd64
Looking at the jfrog github issues, others have reported similar issues
https://github.com/jfrog/jfrog-cli/issues/277
How can I get the jfrog cli to connect to the artifactory server?
The errors were caused by a misconfigured apache vhost. Since the certificate chain is bundled in the cert, there was no need for the SSLCertificateChainFile. Web browsers handled this misconfiguration no problem, but golang was more particular about the chain.
Bad configuration
SSLCertificateFile "/etc/ssl/certs/artifactory.example.com.crt.pem"
SSLCertificateKeyFile "/etc/ssl/private/artifactory.example.com.key.pem"
SSLCertificateChainFile "/etc/ssl/certs/STAR.bad.example.com.pem"
Working configuration
SSLCertificateFile "/etc/ssl/certs/artifactory.example.com.crt.pem"
SSLCertificateKeyFile "/etc/ssl/private/artifactory.example.com.key.pem"