Deploy script unable to build trust using an AWS CA TLS certificate : PrivX Help

Deploy script unable to build trust using an AWS CA TLS certificate

Symptoms

The deploy script is unable to build trust and fails with error:

Failed to authenticate with PrivX: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get issuer certificate (_ssl.c:1108)

Circumstances

The PrivX instance is running in Amazon and the TLS certificate is provided by AWS CA (e.g. using AWS ALB).

Solution

Prepend Amazon Root CA certificate to the trust achor certificate chain
Run /opt/privx/scripts/init_nginx.sh update-trust /path/to/ca_chain.crt
Restart PrivX service
Redownload the deploy script

Did you find it helpful? Yes No