Issue Connecting Conjur CLI to Conjur DAP

Hello everyone, we are following the instructions provided at link to connect our conjur CLI tool but we get an error of: error: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unspecified certificate verification error). Would you have any insight on what we should check or how to start troubleshooting this error? We have tried the docker version and ruby gem version of the cli on a remote computer and we have tried the docker version directly on the host computer hosting Conjur DAP. Conjur DAP is on an AWS EC2. Below is the sequence of commands we input and the results.

conjur init -u [EC2 instance URL] -a [accountname]

SHA1 Fingerprint= [certificate fingerprint]

Please verify this certificate on the appliance using command:
openssl x509 -fingerprint -noout -in ~conjur/etc/ssl/conjur.pem

Trust this certificate (yes/no): yes
Wrote certificate to [Conjur PEM file]
Wrote configuration to C:/Users/.conjurrc

conjur authn login -p [password] -u [username]
error: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unspecified certificate verification error)

Any and all suggestions are appreciated. Thank you.

Hi Louis,

I think I have seen this issue before when the configured conjur certificate is different than the hostname you are using.

I would validate that the ec2 instance url is the same as the url returned when executing curl -k https://<ec2-instance-url>/info

The ec2 instance url should be in the hostname or master_altnames attributes returned from the curl command.

Regards,
Andrew

1 Like

Thank you very much Andrew. You are correct. The hostname was incorrect. Once we used the correct hostname it worked.

docker exec < container-name> evoke configure master --accept-eula --hostname <ec2-instance-url> --admin-password < password> < account-name>

This topic was automatically closed after 7 days. New replies are no longer allowed.