GrayHatLabs commented on issue #11720:
URL: https://github.com/apache/apisix/issues/11720#issuecomment-2495065066
I added this to the config.yml and confirmed that both files exist on the
container. I am still seeing the same error.
Also, please note that the vault server certificate is a valid certificate
signed by GoDaddy, which has a CA chain that might be part of the issue.
Is there any way for me to tell APISIX to trust a certificate?
```
apisix:
  ssl:
    ssl_trusted_certificate: /etc/ssl/certs/ca-certificates.crt
    ssl_trusted_certificate: /usr/local/share/ca-certificates/vault-ca.crt
global_rules:
  -
    id: 1
    plugins:
      Key-auth:
        header: "Authorization"
routes:
  - id: "test_route"
    uri: "/test"
    plugins:
      key-auth: {}
    upstream:
      type: roundrobin
      scheme: "https"
      nodes:
        "postb.in:443": 1
consumers:
  - username: nemus_dupper
    plugins:
      key-auth:
        key: $secret://vault/1/nemus_dupper/auth-key
secrets:
  - id: vault/1
    ssl_verify: false
    prefix: apisix
    token: hvs.asdfasdfasdfasdfasdf
    uri: https://vault.iipint.com:8200
```
```
api-gateway-1 | 2024/11/22 22:57:04 [error] 39#39: *97758 [lua] secret.lua:180: fetch(): failed to fetch secret value: failed to retrtive data from vault kv engine: 20: unable to get local issuer certificate, client: 172.18.0.1, server: _, request: "GET / HTTP/1.1", host: "127.0.0.1:8080"
api-gateway-1 | 2024/11/22 22:57:04 [warn] 39#39: *97758 [lua] plugin.lua:1174: run_plugin(): key-auth exits with http status code 401, client: 172.18.0.1, server: _, request: "GET / HTTP/1.1", host: "127.0.0.1:8080"
api-gateway-1 | 172.18.0.1 - - [22/Nov/2024:22:57:04 +0000] 127.0.0.1:8080 "GET / HTTP/1.1" 401 52 0.006 "-" "curl/8.2.1" - - - "http://127.0.0.1:8080"
```