Skip to main content
  • EN

Hello, I want to connect Kasten K10 with S3 Compatible storage with TLS encryption and certificate verification.

If I check the checkbox 'Skip certificate chain and hostname verification', the connection works. However, if I uncheck it, I get an error:

There was a problem validating the profile
failed to get bucket s3-backup: GetBucketLocation: RequestError: send request failed caused by: Get "https://qwe.qwe.qwe:9021/s3-backup?location=": tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match qwe.qwe.qwe

 

I have downloaded the certificate from https://qwe.qwe.qwe:9021 and added it to the YAML file of the Kasten K10 instance (custom-ca-bundle-store).

 

After making this change, the same error still persists.

 

Could someone please assist me what I’m doing wrong.

 

Br, Mike

Hi @gavezm try to download k10tool  and use The k10tools debug ca-certificate command to check if the CA certificate is installed properly in K10.

Check the below link for more details

https://docs.kasten.io/latest/operating/k10tools.html?highlight=k10tools%20debug%20ca%20certificate#ca-certificate-check

BR,
Ahmed Hagag

Hello, I did it, and the certificate exists.

What else I can to to check what I’m doing wrong?

Br, Mike

hi @gavezm  do you have any intermediates CA as well, as You need to get the CA of the Root that signed the certificate for the S3 endpoint and intermediates if any into a  file custom-ca-bundle.pem
 

also, make sure you have enabled s3 permission for GetBucketLocation ( it is not related )

if the issue still persists i’d recommend to collect the debug logs and open a trial case to our Kasten support team to check.

BR,
Ahmed Hagag
 

I think the problem is that the certificate of the S3 endpoint doesn’t have any Subject Alternative Name (SAN) inside the certificate.

Error: tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match s3.qwe.qweqwe.qwe

 

Is it possible to remove only matching?

 

Br, Mike

Comment


Terms & Conditions