SSL Certificates in $P4SSLDIR are not used

ssl p4d

3 replies to this topic

#1 Linard


Posted 12 October 2020 - 04:54 PM

Hi,

I'm currently setting up a Perforce Helix Core server and I'm a bit stumped about the SSL connection. According to the Helix Core Server Administrator Guide, an SSL connection by specifying P4PORT on the server as e.g. ssl:1666 requires a certificate: "When configured to accept SSL connections, all server processes (p4d, p4p, p4broker), require a valid certificate and key pair on startup", and that I can generate a certificate using p4d -Gc. But even without explicitly generating a certificate, the Perforce server is perfectly reachable from outside.

Additionally, when I set up the certificate generation by setting P4SSLDIR and generating them before creating a server, the server seems to not use these certificates, as the fingerprints differ between p4d -Gf and when trying to connect to the server.

Here is the excerpt of my terminal on the server after starting it:
root@1c5a712c8410:/# p4d -Gf
Fingerprint: 54:07:27:56:93:D0:54:F7:59:5A:64:49:5A:87:8A:68:0C:00:62:0C
root@1c5a712c8410:/# p4 trust
The fingerprint of the server of your P4PORT setting
'ssl:1666' (127.0.0.1:1666) is not known.
That fingerprint is 06:53:5B:76:5E:80:A1:32:06:85:C2:07:6C:51:6F:88:02:72:44:D7
Are you sure you want to establish trust (yes/no)? no

When trying to connect using P4Admin from another machine I get the same "wrong" fingerprint:

Is there some additional configuration necessary beside defining P4SSLDIR on the server to use this certificate for p4d?
Thanks for the help.

#2 Matt Janulewicz


Posted 20 October 2020 - 05:57 AM

A bit of a stab in the dark, but when you start p4d are you explicitly passing in an ssl port? (p4d -p ssl::1666) I usually try to be explicit any time I'm running p4d, at least with the port.
-Matt Janulewicz
Currently unemployed, looking for work in Boise, ID!

#3 Linard


Posted 21 October 2020 - 03:21 PM

No, I rely on P4PORT being set to "ssl:1666", which does seem to function correctly when I try to connect via P4V.

#4 Robert Cowham


Posted 23 October 2020 - 09:40 AM

As Matt said, you need to be really sure that your environment variables are the same when running p4d server and p4 client.

It's easy to get this wrong...

"p4 set" is a help.
Co-Author of "Learning Perforce SCM", PACKT Publishing, 25 September 2013, ISBN 9781849687645

"It's wonderful to see a new book about Perforce, especially one written by Robert Cowham and Neal Firth. No one can teach Perforce better than these seasoned subject matter experts"
  • Laura Wingerd, author of Practical Perforce, former VP of Product Technology at Perforce
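
The environment check suggested in the replies above, as an added example that is not part of the original thread: on Linux, the environment a running p4d actually started with can be read from /proc/<pid>/environ and compared with the shell in which p4d -Gf was run, and the two fingerprint printouts can be compared mechanically. The function names and the sample paths in the demo are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes Linux and its /proc filesystem.

# Print NAME's value from a NUL-separated environ file (/proc/<pid>/environ).
env_value() {    # usage: env_value FILE NAME
    tr '\0' '\n' < "$1" | sed -n "s/^$2=//p" | head -n 1
}

# Return 0 if the process environment and the given shell value agree.
compare_setting() {    # usage: compare_setting FILE NAME SHELL_VALUE
    proc_val=$(env_value "$1" "$2")
    if [ "$proc_val" = "$3" ]; then
        echo "OK       $2='$proc_val'"; return 0
    fi
    echo "MISMATCH $2: running p4d='$proc_val' this shell='$3'"; return 1
}

# Read text on stdin, print the first 20-byte colon-separated hex fingerprint.
extract_fingerprint() {
    grep -Eo '([0-9A-Fa-f]{2}:){19}[0-9A-Fa-f]{2}' | head -n 1 | tr 'a-f' 'A-F'
}

# Return 0 only if both texts contain a fingerprint and the two are equal.
same_fingerprint() {    # usage: same_fingerprint TEXT_A TEXT_B
    a=$(printf '%s\n' "$1" | extract_fingerprint)
    b=$(printf '%s\n' "$2" | extract_fingerprint)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Demo on constructed data; the paths below are made up for illustration.
demo() {
    f=$(mktemp)
    printf 'P4PORT=ssl:1666\0P4SSLDIR=/srv/p4/ssl\0' > "$f"
    compare_setting "$f" P4PORT "ssl:1666" || true
    compare_setting "$f" P4SSLDIR "/root/ssl" || true
    rm -f "$f"
}
demo

# On a real server (needs permission to read the process's environ):
#   pid=$(pgrep -o -x p4d)
#   compare_setting "/proc/$pid/environ" P4SSLDIR "$P4SSLDIR"
#   same_fingerprint "$(p4d -Gf)" "<text printed by p4 trust>" || echo "differ"
```

A MISMATCH on P4SSLDIR means the running server and the shell are looking at different certificate directories, which is the situation the replies above point to.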




