Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Insecure TLS With Jfrog Rt Mvn Commands #481

Open
megantexo opened this issue Oct 28, 2019 · 2 comments
Open

Insecure TLS With Jfrog Rt Mvn Commands #481

megantexo opened this issue Oct 28, 2019 · 2 comments

Comments

@megantexo
Copy link

The --insecure-tls flag does not work with jfrog rt mvn commands. This prevents us from running a mvn clean install deploy to an Artifactory instance with a self-signed certificate.

Here is the command I've been trying to get working (using version 1.3.0 of the CLI):

jfrog rt mvn 'clean install deploy' /buildInfo --build-name=hello --build-number=1 --insecure-tls

Is there a different way to use Maven to deploy artifacts to an Artifactory instance with self-signed certificates? We need to build and deploy artifacts to a given Artifactory repository, while collecting and publishing the build info for later use in promoting that build to other repositories.

Thanks for any help!
@eyalbe4
Copy link
Contributor

eyalbe4 commented Mar 30, 2020

@megantexo,
The latest release of JFrog CLI includes a --insecure-tls option for the jfrog rt mvn command.
Looking forward to your feedback.

@fourpastmidnight
Copy link

I'm assuming you're using a private CA certificate. Are you sure your certificate meets all the requirements? Namely, that the Common Name or Subject Name (CN) field is the IP address of the server or the IP address of the artifactory.shared.node.ip key value in the system.yaml file? This is a requirement for a private CA certificate being used with Artifactory.

If you're using the IP address in the URL to connect to Artifactory, does the certificate also have the IP address being used in the URL in the Subject Alternative Name (SAN) field? It is required that the name being used in the URL, whether that's IP address or DNS entry, be present in the SAN field for browsers, utilities (e.g., curl, wget) and SDKs to validate the certificate, as they only check the SAN field to validate that the presented certificate matches the URL being used to contact the server.

Again, for Artifactory, it's required that the CN field be the IP address of the server (or artifactory.shared.node.ip in system.yaml) and that the "name" being used to connect to the server, whether IP address(es) or DNS name(s) or both, are all provided in the certificate's SAN field.

@ker2x ker2x mentioned this issue Jul 17, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@fourpastmidnight @eyalbe4 @megantexo