Skip to content

Commit 2c25162

Browse files
dylemmadylemma
authored
Add troubleshooting for cert verification errors
1 parent 0a0f811 commit 2c25162

1 file changed

Lines changed: 33 additions & 1 deletion

File tree

readme.md

Lines changed: 33 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,13 @@ You only have to enter the connection information once, up front; each command w
2626
The required connection information includes the "base url" where you browse Code Dx,
2727
and the information you use to log in (username+password, or an API Key).
2828

29+
Note: When connecting to Code Dx over https, Linux/Unix users will need to specify the path to the certificate trust store:
30+
31+
```sh
32+
# note: this path may vary by machine - make sure you pick the right path for you!
33+
export SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
34+
```
35+
2936
```text
3037
$> ./codedx-client https://localhost/codedx -u johndoe -p supersecret
3138
Welcome to the Code Dx CLI Client REPL.
@@ -191,4 +198,29 @@ For regular (plain text entry) fields, you can just give part of the value for i
191198
```text
192199
codedx> projects -m Owner jo -m Visibility high
193200
{"id":4,"name":"Yet another","parentId":3}
194-
```
201+
```
202+
203+
# Troubleshooting
204+
205+
## Certificate verification errors
206+
207+
At the time or writing this, there are two cases where you might see a certificate verification error when running the CLI:
208+
209+
1. **The CLI doesn't know where to find your certificate trust store.**
210+
211+
A good litmus test for this case is pointing the CLI at `https://www.google.com` instead of your Code Dx server.
212+
If you still get a certificate verification error with that address, the CLI won't trust anyone over HTTPS.
213+
To solve this, set the following environment variable:
214+
215+
```sh
216+
export SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
217+
```
218+
219+
Note that the path and filename may vary depending on your system.
220+
221+
2. **Your system doesn't trust Code Dx's SSL certificate.**
222+
Code Dx's installer sets up a self-signed certificate in order to run HTTPS, but it can't know the domain name you'll ultimately use it with.
223+
224+
To get around this, you'll need to [set that certificate as trusted](https://help.ubuntu.com/community/OpenSSL#Importing_a_Certificate_into_the_System-Wide_Certificate_Authority_Database), and use the `--insecure` flag when running the CLI to disable hostname verification.
225+
226+
Alternatively, you could replace the auto-generated certificate with one of your own which is already trusted.

0 commit comments

Comments
 (0)