DEPTH_ZERO_SELF_SIGNED_CERT deploying code to staging instance (with 2FA bundle cert) #173
Comments
|
@clstopher Did you have to request a new cert from Salesforce or just upload a new one to the Private Keys and Certificates section of business manager? I'm getting the same error. [DEBUG] Error code: undefined, message: ee key too small, stack: Error: ee key too small There's a way to get around this by changing the openssl config settings, however having a strong key seems like the better approach. |
|
There also appears to be a --selfsigned boolean option on the CLI, however it doesn't seem to do anything. Adding the dw.json file with "self-signed" provided a work around so thanks for that! |
|
@nek4life - In my case, I simply generated a new certificate with the certificate bundle that Demandware originally gave us years ago; That got me around the "ee key too small" error but then I was getting the DEPTH_ZERO_SELF_SIGNED_CERT, which I solved with the dw.json workaround. I have not since changed / followed up with this - My system is currently working with this "hopefully short term fix". |
|
@clstopher I'll look into that. I have the .crt and .key files and created a pfx for use with sfcc-ci. I'll see if I can figure it out how to generate a new cert based on those with 2048 or above bits. Thanks for your help! |
|
@nek4life - Just noticed that you asked about uploading a cert to Private Keys and Certificates; To my knowledge, that isn't part of the process at all. You will generate a certificate using the Certificate Bundle that Demandware / Salesforce gives you, and that .p12 file will be something that you use on the client to log in. The server is already configured to recognize any certificate generated using that bundle. See documentation here: https://support-demandware.force.com/customer/articles/KB_How_To/How-to-create-a-client-certificate-for-Two-Factor-Authentication |
|
Figured worth mentioning that #261 is a partial fix for this issue. |
Hi - I'm performing some updates to a build process for code deployments to utilize an API Client instead of a BM username/password (in preparation for the upcoming UA requirement).
I have a build that has been working for quite some time using the build-suite to build, upload, and activate the code, which has been using the BM user account for the upload step and the API Client for the activation step without any problems.
I added some custom code to the build suite to utilize the sfcc-ci library for the code upload and I'm getting some unexpected errors.
First, after making this change I started to receive an error "key too small" - This was using the same 2FA certificate that the build has been using for quite some time, but I was able to get around this simply by creating a new 2FA certificate - Only mentioning this so hopefully if someone else runs into it a google search for "sfcc-ci key too small" will lead them here and maybe they'll have luck with a new cert too.
After generating a new cert, I started to receive the error DEPTH_ZERO_SELF_SIGNED_CERT. I'm currently able to work around this one using what I hope to be a very short term fix - I put a dw.json file in the root of the build suite that contains
{ "self-signed": true }(because I saw that the webdav code won't disablestrictSSLfor any other reason:sfcc-ci/lib/webdav.js
Line 38 in ddcc910
I have also confirmed that both errors occur if I try using the
sfcc-ci code:deploycommand line rather than by calling the library code from the build-suite.The odd thing is that the exact same code works for a different client without strictSSL disabled.
The text was updated successfully, but these errors were encountered: