tzssangglass commented on issue #5125:
URL: https://github.com/apache/apisix/issues/5125#issuecomment-926299746


   ```yaml
   etcd:
     tls:
       verify: false
   ```
   
   The `verify` here is used to control whether to verify that the CA
   certificate issuing the etcd certificate is in the trusted certificate
   chain of the host where APISIX is located.
   
   
   case 1:
   verify: true, and the CA certificate issuing the etcd certificate is not in
   the trusted certificate chain of the host where APISIX is located: APISIX
   will throw an Unknown CA error in the tlshandshake process and stop the
   connection.
   
   In this case you need to configure `ssl_trusted_certificate` as the CA
   certificate that issued the etcd certificate.
   
   case 2:
   verify: false, and the CA certificate issuing the etcd certificate is not in
   the trusted certificate chain of the host where APISIX is located: APISIX
   won't throw an Unknown CA error in the tlshandshake process, and ignores the
   Encrypted Alert error, just establishing connections with etcd.
   
   
   case 3:
   verify: true, and the CA certificate issuing the etcd certificate is in the
   trusted certificate chain of the host where APISIX is located: APISIX will
   do the tlshandshake normally and establish connections with etcd.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
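
The three cases in the comment above can be reproduced offline with the `openssl` CLI. This is an added example, not part of the original comment and not APISIX code. The CA, the etcd certificate, the subject names and the `outcome` helper are all constructed for illustration, and passing a CA bundle stands in for configuring `ssl_trusted_certificate`.

```bash
#!/usr/bin/env bash
# Constructed demo: all names, subjects and paths are made up for illustration.
set -eu
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Create a private CA and an etcd server certificate signed by it.
make_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=constructed-etcd-ca" \
    -keyout "$work/ca.key" -out "$work/ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes \
    -subj "/CN=etcd.example.internal" \
    -keyout "$work/etcd.key" -out "$work/etcd.csr" 2>/dev/null
  openssl x509 -req -days 1 -in "$work/etcd.csr" \
    -CA "$work/ca.pem" -CAkey "$work/ca.key" -CAcreateserial \
    -out "$work/etcd.pem" 2>/dev/null
}

# chain_trusted CERT [CA_BUNDLE]
# Succeeds only if CERT chains to a CA in CA_BUNDLE, or, when no bundle
# is given, to a CA in the host's default trust store.
chain_trusted() {
  if [ -n "${2:-}" ]; then
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
  else
    openssl verify "$1" >/dev/null 2>&1
  fi
}

# outcome VERIFY CERT [CA_BUNDLE]
# Models the behaviour described in the comment (hypothetical helper).
outcome() {
  if [ "$1" = "false" ]; then
    echo "connect (chain not checked)"          # case 2
  elif chain_trusted "$2" "${3:-}"; then
    echo "connect"                              # case 3
  else
    echo "handshake fails: unknown CA"          # case 1
  fi
}

make_pki
echo "case 1: $(outcome true  "$work/etcd.pem")"
echo "case 2: $(outcome false "$work/etcd.pem")"
echo "case 3: $(outcome true  "$work/etcd.pem" "$work/ca.pem")"
```

Running `chain_trusted` against the real etcd certificate and the intended CA file before turning `verify` on shows whether the handshake would fail with an unknown CA.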