If I run:
curl -si localhost:8000/login -H "Accept: application/json" -d username='salt' -d password='salt' -d eauth='pam'
It gives this error:
Process Manager starting! Enter PEM pass phrase: [WARNING ] SSL Error on 8 ('127.0.0.1', 50408): [Errno 1] _ssl.c:510: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request [ERROR ] Uncaught exception Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/tornado/http1connection.py", line 693, in _server_request_loop ret = yield conn.read_response(request_delegate) File "/usr/lib/python2.7/dist-packages/tornado/gen.py", line 870, in run value = future.result() File "/usr/lib/python2.7/dist-packages/tornado/concurrent.py", line 215, in result raise_exc_info(self._exc_info) File "/usr/lib/python2.7/dist-packages/tornado/gen.py", line 876, in run yielded = self.gen.throw(*exc_info) File "/usr/lib/python2.7/dist-packages/tornado/http1connection.py", line 168, in _read_message quiet_exceptions=iostream.StreamClosedError) File "/usr/lib/python2.7/dist-packages/tornado/gen.py", line 870, in run value = future.result() File "/usr/lib/python2.7/dist-packages/tornado/concurrent.py", line 215, in result raise_exc_info(self._exc_info) File "", line 3, in raise_exc_info SSLError: [Errno 1] _ssl.c:510: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
Here is:
tail /etc/salt/master # socket backlog backlog: 128 ssl_crt: /etc/pki/api/certs/cert.pem # no need to specify ssl_key if cert and key # are in one single file ssl_key: /etc/pki/api/certs/key.pem debug: False disable_ssl: False webhook_disable_auth: False cors_origin: null
And I copied my self-signed certs to the location shown above and added it to the root CA:
sudo cp cert.pem /usr/share/ca-certificates/ sudo dpkg-reconfigure ca-certificates