We have been struggling with the AWS CLI using SSL.

We kept getting the error: "unable to get issuer certificate".

Now I was using my lab, which has a Windows 2016 server issuing CA certificates. It seems fine for all of my lab devices, but the AWS client did not like it (so I thought).

It seems like the AWS Windows CLI does not know how to look up the CA authority, so you have to add a certificate bundle to the CLI.

    --ca-bundle "c:\certs\cabundle.crt"

But it did not like the CA bundle my Windows server gave me, so I purchased a proper Class 2 root certificate for my PowerScale.

I did the openssl s_client -connect SMARTCONNECT_FQDN:9021 on my purchased SSL, which gave me the certificate repository!
(http://certs.starfieldtech.com/repository/)

I then downloaded the Certificate Bundle (“Starfield Certificate Bundles - G2” sf_bundle-g2.crt).

And added it to both the OpenSSL and AWS CLI, and it VERIFIED!

openssl s_client -connect s3.delludslabnj.net:9021 -CAfile sf_bundle-g2.crt

aws --profile s3-user1 --endpoint https://s3.delludslabnj.net:9021 s3api list-objects --bucket bucket1 --output table --ca-bundle sf_bundle-g2.crt
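The following is an added example, not part of the original post: it shows one way OpenSSL produces "unable to get issuer certificate", namely a CA bundle that holds the issuing CA but not that CA's own root. It builds a throwaway root, intermediate and leaf (all names, keys and files are constructed; `build_pki` and `check_bundle` are hypothetical helpers) and verifies the leaf against both bundles. Whether this was the cause with the Windows CA bundle in the lab above is not established by the post.

```shell
#!/bin/sh
# Added example. Every name, key and certificate here is constructed and throwaway.

# Build root -> intermediate -> leaf in directory $1, plus two candidate bundles.
build_pki() (
  cd "$1" || exit 1
  echo 'basicConstraints=critical,CA:TRUE' > ca.ext
  echo 'basicConstraints=CA:FALSE' > leaf.ext
  for n in root int leaf; do
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Constructed $n" \
      -keyout "$n.key" -out "$n.csr" 2>/dev/null || exit 1
  done
  openssl x509 -req -in root.csr -signkey root.key -set_serial 1 -days 2 \
    -extfile ca.ext -out root.crt 2>/dev/null &&
  openssl x509 -req -in int.csr -CA root.crt -CAkey root.key -set_serial 2 -days 2 \
    -extfile ca.ext -out int.crt 2>/dev/null &&
  openssl x509 -req -in leaf.csr -CA int.crt -CAkey int.key -set_serial 3 -days 2 \
    -extfile leaf.ext -out leaf.crt 2>/dev/null &&
  cat int.crt > partial_bundle.crt &&          # issuing CA only, root missing
  cat int.crt root.crt > full_bundle.crt       # issuing CA plus its root
)

# check_bundle <bundle> <cert>: print OpenSSL's verdict, return its exit status.
check_bundle() {
  openssl verify -CAfile "$1" "$2" 2>&1
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
build_pki "$work" || { echo "openssl failed to build the sample PKI" >&2; exit 1; }
echo "--- bundle with intermediate only:"
check_bundle "$work/partial_bundle.crt" "$work/leaf.crt"
echo "--- bundle with intermediate and root:"
check_bundle "$work/full_bundle.crt" "$work/leaf.crt"
```

The same `openssl verify -CAfile` check can be run against a real bundle and an exported server certificate before the bundle is passed to `--ca-bundle`.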


Some of the screenshots are below.


© 2024 Copyright.
@ Captain Jack Sparrow