MirtoBusico commented on issue #8568: URL: https://github.com/apache/apisix/issues/8568#issuecomment-1365721465
Hi @tokers the content of my CA certificate is ``` sysop@hserv:~/H/hservcerts$ cat hservca.pem -----BEGIN CERTIFICATE----- MIIEDTCCAvWgAwIBAgIUNh8YcHarQe4SyFJd0W1nMLJXE/wwDQYJKoZIhvcNAQEL BQAwgZUxCzAJBgNVBAYTAklUMQ4wDAYDVQQIDAVJdGFseTENMAsGA1UEBwwEUm9t ZTEVMBMGA1UECgwMQnVzaWNvIE1pcnRvMRMwEQYDVQQLDApMYWJvcmF0b3J5MRUw EwYDVQQDDAxCdXNpY28gTWlydG8xJDAiBgkqhkiG9w0BCQEWFW1pcnRvYnVzaWNv QGdtYWlsLmNvbTAeFw0yMjA4MTUxNTQwMDZaFw0zMjA4MTIxNTQwMDZaMIGVMQsw CQYDVQQGEwJJVDEOMAwGA1UECAwFSXRhbHkxDTALBgNVBAcMBFJvbWUxFTATBgNV BAoMDEJ1c2ljbyBNaXJ0bzETMBEGA1UECwwKTGFib3JhdG9yeTEVMBMGA1UEAwwM QnVzaWNvIE1pcnRvMSQwIgYJKoZIhvcNAQkBFhVtaXJ0b2J1c2ljb0BnbWFpbC5j b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYCAMZo12TlF8Vho+B MBhyvTni6NLLorflgQgoRqCzcQq9yzMTUhgVQU1kzGaV98bzeIT4knJTjEmFVyJ7 qOIZhB2bdi5I8EpjLR/ooCwyo6rdTiymJECujxbUdl74aZ1pFfDsXrsazuoA2Ut+ dQPkRcNNovpuYsTehepOBFV3gts/TuT0WfalnZS//Rtz3sTEMIV4GTi5SrU1kCYR QxO147c0NU9Q0HvVeV57+Y469O8DCm1ZumuRTiN6ZSojM4tGIIexyhyMg/V5j+zA XO7Wnvq9myFYXM/e7hor67rAzpkwbagvOhhn1R/DlgRGikVSrv9UhqU74CG/7AAk iTbpAgMBAAGjUzBRMB0GA1UdDgQWBBTbb3GEP28aGXTv7bQP9jf0YZfkmzAfBgNV HSMEGDAWgBTbb3GEP28aGXTv7bQP9jf0YZfkmzAPBgNVHRMBAf8EBTADAQH/MA0G CSqGSIb3DQEBCwUAA4IBAQCIlTXWDhU1D0t1RM41OvVl8EhfCRFbVaVoemItNtQB nmJ0TFeb+ARl+c8IKCNifn9U3ftA3wKoCfaQvhrjoaVDBeFbK3b5ym6C0dX6ZKXa LsT2CyMpAoTV3Y0QKMpKMR16ZfZbB5wCXxpBdnNveWL6cBOTaJzS1BfIU0XcTD6c bAM+nhvQSMHTaaJnLksMAE1akHcpONtFeyLO13gwgo96f21bel852dWLo99xqQJr q+YaYx7bRIktWW1WvBNpy9wuI4llUn7ovlYjl1T084v+++tbPL6NH7UlFA5WqXdK 4gDaR3SzcCWWgnw5moMAS6u278z5xos12bSH1Yv9p68B -----END CERTIFICATE----- sysop@hserv:~/H/hservcerts$ ``` On the Apisix pod the /usr/local/apisix/conf/ssl/cert is ``` root@apisix-54cdc68f89-wtl8w:/usr/local/apisix# cat /usr/local/apisix/conf/ssl/cert -----BEGIN CERTIFICATE----- MIIEDTCCAvWgAwIBAgIUNh8YcHarQe4SyFJd0W1nMLJXE/wwDQYJKoZIhvcNAQEL BQAwgZUxCzAJBgNVBAYTAklUMQ4wDAYDVQQIDAVJdGFseTENMAsGA1UEBwwEUm9t ZTEVMBMGA1UECgwMQnVzaWNvIE1pcnRvMRMwEQYDVQQLDApMYWJvcmF0b3J5MRUw EwYDVQQDDAxCdXNpY28gTWlydG8xJDAiBgkqhkiG9w0BCQEWFW1pcnRvYnVzaWNv QGdtYWlsLmNvbTAeFw0yMjA4MTUxNTQwMDZaFw0zMjA4MTIxNTQwMDZaMIGVMQsw CQYDVQQGEwJJVDEOMAwGA1UECAwFSXRhbHkxDTALBgNVBAcMBFJvbWUxFTATBgNV BAoMDEJ1c2ljbyBNaXJ0bzETMBEGA1UECwwKTGFib3JhdG9yeTEVMBMGA1UEAwwM QnVzaWNvIE1pcnRvMSQwIgYJKoZIhvcNAQkBFhVtaXJ0b2J1c2ljb0BnbWFpbC5j b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYCAMZo12TlF8Vho+B MBhyvTni6NLLorflgQgoRqCzcQq9yzMTUhgVQU1kzGaV98bzeIT4knJTjEmFVyJ7 qOIZhB2bdi5I8EpjLR/ooCwyo6rdTiymJECujxbUdl74aZ1pFfDsXrsazuoA2Ut+ dQPkRcNNovpuYsTehepOBFV3gts/TuT0WfalnZS//Rtz3sTEMIV4GTi5SrU1kCYR QxO147c0NU9Q0HvVeV57+Y469O8DCm1ZumuRTiN6ZSojM4tGIIexyhyMg/V5j+zA XO7Wnvq9myFYXM/e7hor67rAzpkwbagvOhhn1R/DlgRGikVSrv9UhqU74CG/7AAk iTbpAgMBAAGjUzBRMB0GA1UdDgQWBBTbb3GEP28aGXTv7bQP9jf0YZfkmzAfBgNV HSMEGDAWgBTbb3GEP28aGXTv7bQP9jf0YZfkmzAPBgNVHRMBAf8EBTADAQH/MA0G CSqGSIb3DQEBCwUAA4IBAQCIlTXWDhU1D0t1RM41OvVl8EhfCRFbVaVoemItNtQB nmJ0TFeb+ARl+c8IKCNifn9U3ftA3wKoCfaQvhrjoaVDBeFbK3b5ym6C0dX6ZKXa LsT2CyMpAoTV3Y0QKMpKMR16ZfZbB5wCXxpBdnNveWL6cBOTaJzS1BfIU0XcTD6c bAM+nhvQSMHTaaJnLksMAE1akHcpONtFeyLO13gwgo96f21bel852dWLo99xqQJr q+YaYx7bRIktWW1WvBNpy9wuI4llUn7ovlYjl1T084v+++tbPL6NH7UlFA5WqXdK 4gDaR3SzcCWWgnw5moMAS6u278z5xos12bSH1Yv9p68B -----END CERTIFICATE----- root@apisix-54cdc68f89-wtl8w:/usr/local/apisix# ``` (Seems equal) Issuing wget with --ca-certificate from Apisix pod says ``` root@apisix-54cdc68f89-wtl8w:/usr/local/apisix# wget -v --ca-certificate /usr/local/apisix/conf/ssl/cert https://k6k.h.net/realms/hcluster_admins/.well-known/openid-configuration --2022-12-27 08:45:55-- https://k6k.h.net/realms/hcluster_admins/.well-known/openid-configuration Loaded CA certificate '/usr/local/apisix/conf/ssl/cert' Resolving k6k.h.net (k6k.h.net)... 192.168.100.20 Connecting to k6k.h.net (k6k.h.net)|192.168.100.20|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 5928 (5.8K) [application/json] Saving to: 'openid-configuration' openid-configuration 100%[=======================================================================================================================================================>] 5.79K --.-KB/s in 0s 2022-12-27 08:45:55 (326 MB/s) - 'openid-configuration' saved [5928/5928] root@apisix-54cdc68f89-wtl8w:/usr/local/apisix# ``` Issuing wget **without** --ca-certificate from Apisix pod says ``` root@apisix-54cdc68f89-wtl8w:/usr/local/apisix# wget -v https://k6k.h.net/realms/hcluster_admins/.well-known/openid-configuration --2022-12-27 08:48:21-- https://k6k.h.net/realms/hcluster_admins/.well-known/openid-configuration Resolving k6k.h.net (k6k.h.net)... 192.168.100.20 Connecting to k6k.h.net (k6k.h.net)|192.168.100.20|:443... connected. ERROR: The certificate of 'k6k.h.net' is not trusted. ERROR: The certificate of 'k6k.h.net' doesn't have a known issuer. root@apisix-54cdc68f89-wtl8w:/usr/local/apisix# ``` Can I look at someting else? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
