[GitHub] [apisix] MarkCupitt commented on issue #8663: bug: failed to find any SSL certificate by SNI:

2023-01-19 Thread GitBox 


MarkCupitt commented on issue #8663:
URL: https://github.com/apache/apisix/issues/8663#issuecomment-1397802057

   Certs loaded by the dashboard V2 will NOT be seen in the routing, until the 
dashboard is made compatible, you MUST use the API's to load and manage certs
   
   Additionally, if you use a Wildcard Cert ["*.example.com"] the route MUST 
use `hosts: ["*.example.com"]`. if you need granular route matching, you will 
need to add a filter, or match on vars and/or priority
   
   if you use `host: "my.example.com"` it will not match, is it uses the 
literal SNI value `*.example.com`
   
   @tokers Might save a lot of grief for people if this could be added to the 
documentation in the following locations:
   
   https://apisix.apache.org/docs/apisix/admin-api/#request-body-parameters
   https://apisix.apache.org/docs/apisix/admin-api/#ssl-api
   
   Documenting in case anyone else has this issue


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [apisix] MarkCupitt commented on issue #8663: bug: failed to find any SSL certificate by SNI:

2023-01-13 Thread GitBox 


MarkCupitt commented on issue #8663:
URL: https://github.com/apache/apisix/issues/8663#issuecomment-1382610007

   Issue for upload via V3 api still remains
   
   
   Solution for Dashboard Concern
   
   Seems the Dashboard ONLY supports the V2 api which uses `/ssl`, whereas the 
V3 version of apisix requires certs to be loaded accessed form api `/ssls`
   
   #8173
   #8599
   #8183


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [apisix] MarkCupitt commented on issue #8663: bug: failed to find any SSL certificate by SNI:

2023-01-12 Thread GitBox 


MarkCupitt commented on issue #8663:
URL: https://github.com/apache/apisix/issues/8663#issuecomment-1381226669

   @tokers ok, understand, but given issue with #8665 (we seem unable to get it 
to work via api either) how do we achieve this so we can get the SNI matching 
to work, Im unsure on what we need to do


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [apisix] MarkCupitt commented on issue #8663: bug: failed to find any SSL certificate by SNI:

2023-01-12 Thread GitBox 


MarkCupitt commented on issue #8663:
URL: https://github.com/apache/apisix/issues/8663#issuecomment-1381214147

   @tokers yes, we are .. but we have an issue logged using the api upload as 
well .. #8665 which we could not get to work, it would accept the cert, and 
return 200, but dashboard failed to get the expiry date out of the cert, the 
dashboard DID extract the SNI correctly.
   
   Problem is that the cert displayed in teh dashboard but was not able to be 
deleted
   
   Again, apisix logged the **Same error** that on **both upload methods**.
   
   I also tried downgrading the cert from 4096 to 2048, just in case, no 
difference
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [apisix] MarkCupitt commented on issue #8663: bug: failed to find any SSL certificate by SNI:

2023-01-12 Thread GitBox 


MarkCupitt commented on issue #8663:
URL: https://github.com/apache/apisix/issues/8663#issuecomment-1380024550

   the sni and cert are issued to e3.engineering.billrush.work
   
   the dashboard gets the correct SNI from the cert


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [apisix] MarkCupitt commented on issue #8663: bug: failed to find any SSL certificate by SNI:

2023-01-12 Thread GitBox 


MarkCupitt commented on issue #8663:
URL: https://github.com/apache/apisix/issues/8663#issuecomment-1380022019

   sorry on brevity on phone right now
   
   https://e3.billrush.work/toptog in the browser
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [apisix] MarkCupitt commented on issue #8663: bug: failed to find any SSL certificate by SNI:

2023-01-12 Thread GitBox 


MarkCupitt commented on issue #8663:
URL: https://github.com/apache/apisix/issues/8663#issuecomment-1380016365

   the client is latest chrome and firefox, both tested, the route is for a
   html page
   
   On Thu, 12 Jan 2023, 5:05 pm Alex Zhang, ***@***.***> wrote:
   
   > @MarkCupitt  How did you send a request?
   >
   > The certificate matching depends on the TLS SNI sent from the Client Hello
   > packet. So please check out if your clients send the correct TLS SNI.
   >
   > —
   > Reply to this email directly, view it on GitHub
   > ,
   > or unsubscribe
   > 

   > .
   > You are receiving this because you were mentioned.Message ID:
   > ***@***.***>
   >
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [apisix] MarkCupitt commented on issue #8663: bug: failed to find any SSL certificate by SNI:

2023-01-11 Thread GitBox 


MarkCupitt commented on issue #8663:
URL: https://github.com/apache/apisix/issues/8663#issuecomment-1379890294

   I noticed in the Helm config, these options, Have assume they are not 
required ot be set, as nothing documented
   
   ```
 tls:
   enabled: true
   servicePort: 443
   containerPort: 9443
   existingCASecret: ""
   certCAFilename: ""
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org