xyz2b edited a comment on issue #4333: URL: https://github.com/apache/apisix/issues/4333#issuecomment-850803662
Thank you, I went back and tried what you said, but there is another problem. Since it is a self-signed certificate, the client does not trust the CA organization of the certificate. Therefore, you need to configure the client to trust the certificate issued by the CA, that is, you need to configure the CA certificate. Like curl, you need to add the `--cacert` parameter, otherwise an error will be reported. This is similar to the `proxy_ssl_trusted_certificate` configuration of nginx. However, apisix does not configure the parameters of trusting CA institutions.

curl error

```shell
[app@VM_97_180_centos apisix]$ curl -i https://etcd01.apisix.xxxx.com:2379/version
curl: (60) Peer's Certificate issuer is not recognized.
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
```
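The trust failure described in the comment above can be reproduced offline with `openssl verify`. This is an added example, not part of the original comment or of APISIX; the CA name `demo-private-ca` and host name `etcd01.example.test` are constructed, and the `openssl` CLI is assumed to be installed.

```shell
#!/bin/sh
# Added example: a private CA signs a server certificate, then the certificate
# is verified with and without the CA file. All names are constructed.

make_pki() {   # $1 = empty working directory
    d=$1
    # Minimal config so the result does not depend on the system openssl.cnf.
    cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = demo-private-ca
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    # Self-signed root: the "CA certificate" a client must be told to trust.
    openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
    # Server key and signing request.
    openssl req -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=etcd01.example.test" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    # The private CA issues the server certificate.
    openssl x509 -req -in "$d/server.csr" -days 1 \
        -CA "$d/ca.crt" -CAkey "$d/ca.key" -CAcreateserial \
        -out "$d/server.crt" 2>/dev/null || return 1
}

# Default trust store only: the private CA is unknown, so this fails
# (the same condition curl reports as error 60).
verify_default_trust() { openssl verify "$1/server.crt" >/dev/null 2>&1; }

# Explicit CA file, the equivalent of curl --cacert or nginx's
# proxy_ssl_trusted_certificate. Host name matching is a separate check.
verify_with_ca() { openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null 2>&1; }

demo=$(mktemp -d)
make_pki "$demo"
verify_default_trust "$demo" && echo "default store: trusted" || echo "default store: rejected"
verify_with_ca "$demo" && echo "with CA file: trusted" || echo "with CA file: rejected"
rm -rf "$demo"
```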
