Jump to content


Linard

Member Since 12 Oct 2020
Offline Last Active Oct 21 2020 03:20 PM
-----

Topics I've Started

SSL Certificates in $P4SSLDIR are not used

12 October 2020 - 04:54 PM

Hi,

I'm currently setting up a perforce helix core server and I'm a bit stumped about the SSL connection. According to the Helix Core Server Administrator Guide, an ssl connection by specifing P4PORT on the server as e.g. ssl:1666 requires a certificate: "When configured to accept SSL connections, all server processes (p4d, p4p, p4broker), require a valid certificate and key pair on startup", and that I can generate a certificate using
p4d -Gc
. But even without explicitly generating a certificate, the perfoce server is perfectly reachable from outside.

Additionally, when I set up the certificate generation by setting P4SSLDIR and generating them before creating a server, the server seems to not use these certificates as the fingerprints differ, between p4d -Gf and when trying to connect to the server.

Here is the excerpt of my terminal on the server after starting it:
root@1c5a712c8410:/# p4d -Gf
Fingerprint: 54:07:27:56:93:D0:54:F7:59:5A:64:49:5A:87:8A:68:0C:00:62:0C
root@1c5a712c8410:/# p4 trust
The fingerprint of the server of your P4PORT setting
'ssl:1666' (127.0.0.1:1666) is not known.
That fingerprint is 06:53:5B:76:5E:80:A1:32:06:85:C2:07:6C:51:6F:88:02:72:44:D7
Are you sure you want to establish trust (yes/no)? no

When trying to connect using P4Admin from another machine I get the same "wrong" fingerprint:
Posted Image

Is there some additional configuration necessary beside defining P4SSLDIR on the server to use this certificate for p4d?
Thanks for the help.