MirtoBusico commented on issue #235: URL: https://github.com/apache/apisix-helm-chart/issues/235#issuecomment-1038853354
Hi @tokers the first probem is that the secret is namespaced. So to have a valid secret it have to be defined in the apisix namespace ``` sysop@m01serv:~/m01certs$ kubectl -n apisix create secret generic m01cacert --from-file=cert=./m01ca.pem secret/m01cacert created sysop@m01serv:~/m01certs$ kubectl describe secret m01cacert -n apisix Name: m01cacert Namespace: apisix Labels: <none> Annotations: <none> Type: Opaque Data ==== cert: 1464 bytes sysop@m01serv:~/m01certs$ ``` Now apisix correctly start; but the "**SSL certificate problem: unable to get local issuer certificate**" error is still there. Trying to curl the keycloak server from apisix pod gives: ``` bash-5.1# curl -v https://k6k.m01.net * Trying 192.168.102.120:443... * Connected to k6k.m01.net (192.168.102.120) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt * CApath: none * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): * TLSv1.3 (IN), TLS handshake, Certificate (11): * TLSv1.3 (OUT), TLS alert, unknown CA (560): * SSL certificate problem: unable to get local issuer certificate * Closing connection 0 curl: (60) SSL certificate problem: unable to get local issuer certificate More details here: https://curl.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. bash-5.1# ``` Seems that the secret is not correct or the secret key have to use a particular name. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
