Hello Eugen, thanks for the validation. Actually I use plain http because I do not have much time to look for a solution. But i will check a new cert ASAP. Christoph Am Fr., 17. Nov. 2023 um 12:57 Uhr schrieb Eugen Block <eblock@xxxxxx>: > I was able to reproduce the error with a self-signed elliptic curves > based certificate. But I also got out of it by removing cert and key: > > quincy-1:~ # ceph config-key rm mgr/dashboard/key > key deleted > quincy-1:~ # ceph config-key rm mgr/dashboard/crt > key deleted > > Then I failed the mgr just to be sure: > > quincy-1:~ # ceph mgr fail > quincy-1:~ # ceph config-key get mgr/dashboard/crt > Error ENOENT: > > And then I configured the previous key, did a mgr fail and now the > dashboard is working again. > > Zitat von Eugen Block <eblock@xxxxxx>: > > > Hi, > > > > did you get your dashboard back in the meantime? I don't have an > > answer regarding the certificate based on elliptic curves but since > > you wrote: > > > >> So we tried to go back to the original state by removing CRT anf KEY but > >> without success. The new key seems to stuck into the config > > > > how did you try to remove it? I would just assume that this should work: > > > > $ ceph config-key rm mgr/dashboard/cert > > > > Do you get an error message when removing it or does the mgr log > > anything when you try to remove it which fails? > > Also which ceph version is this? > > > > Thanks, > > Eugen > > > > Zitat von "Ackermann, Christoph" <c.ackermann@xxxxxxxxxxxx>: > > > >> Hello all, > >> > >> today i got a new certificate for our internal domain based on RSA/4096 > >> secp384r1. After inserting CRT and Key i got both "...updated" > messages. > >> After checking the dashboard i got an empty page and this error: > >> > >> health: HEALTH_ERR > >> Module 'dashboard' has failed: key type unsupported > >> > >> So we tried to go back to the original state by removing CRT anf KEY but > >> without success. The new key seems to stuck into the config > >> > >> [root@cephxxxx ~]# ceph config-key get mgr/dashboard/crt > >> -----BEGIN CERTIFICATE----- > >> MIIFqTCCBJGgAwIBAgIMB5tjLSz264Ic8zeHMA0GCSqGSIb3DQEBCwUAMEwxCzAJ > >> [...] > >> ItzkEzq4SZ6V1Jhuf4bFlOMBVAKgAwZ90gXlguoiFFQu5+NIqNljZ8Jz7d0jhH43 > >> e3zhm5sn21+eIqRbiQ== > >> -----END CERTIFICATE----- > >> > >> [root@cephxxxx ~]# ceph config-key get mgr/dashboard/key > >> > >> *Error ENOENT: * > >> > >> We tried to generate a self signed Cert but no luck. It looks like > manger > >> stays in an intermediate state. The only way to get back the dashboard > is > >> to disable SSL and use plain http. > >> > >> Can somebody explain this behaviour? Maybe secp384r1 elliptic curves > >> aren't supported? How can we clean up SSL configuration? > >> > >> Thanks, > >> Christoph Ackermann > >> > >> Ps we checked some Information like > >> https://tracker.ceph.com/issues/57924#change-227744 and others but no > >> luck... > >> _______________________________________________ > >> ceph-users mailing list -- ceph-users@xxxxxxx > >> To unsubscribe send an email to ceph-users-leave@xxxxxxx > > > _______________________________________________ > ceph-users mailing list -- ceph-users@xxxxxxx > To unsubscribe send an email to ceph-users-leave@xxxxxxx > _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
 |