1

Attempting to use the jfrog cli to integrate with an artifactory server, when I get this error

jfrog rt config example-company --url=$ARTIFACTORY_URL --user=$ARTIFACTORY_USER --password=$ARTIFACTORY_PASS
[Info] Encrypting password...
[Error] Get https://artifactory.example.com/api/security/encryptedPassword: x509: certificate signed by unknown authority

Navigating to https://artifactory.example.com/api/security/encryptedPassword in a browser shows that the TLS certificate is valid, however I get a different error: 

{
  "errors": [
    {
      "status": 404,
      "message": "User not found: bill.gates"
    }
  ]
}

ping commands also return TLS errors

jfrog rt ping --url=https://artifactory.example.com
[Error] Get https://artifactory.example.com/artifactory/api/system/ping: x509: certificate signed by unknown authority

jfrog cli is written in golang. Running version:

go version
go version go1.12.5 darwin/amd64

Looking at the jfrog github issues, others have reported similar issues

https://github.com/jfrog/jfrog-cli/issues/277

How can I get the jfrog cli to connect to the artifactory server?

spuder
  • 17,437
  • 19
  • 87
  • 153

1 Answers1

1

The errors were caused by a misconfigured apache vhost. Since the certificate chain is bundled in the cert, there was no need for the SSLCertificateChainFile. Web browsers handled this misconfiguration no problem, but golang was more particular about the chain.

Bad configuration

  SSLCertificateFile      "/etc/ssl/certs/artifactory.example.com.crt.pem"
  SSLCertificateKeyFile   "/etc/ssl/private/artifactory.example.com.key.pem"
  SSLCertificateChainFile "/etc/ssl/certs/STAR.bad.example.com.pem"

Working configuration

  SSLCertificateFile      "/etc/ssl/certs/artifactory.example.com.crt.pem"
  SSLCertificateKeyFile   "/etc/ssl/private/artifactory.example.com.key.pem"
spuder
  • 17,437
  • 19
  • 87
  • 153