Re: [I] bug: Vault Secret Engine Issue LUA Trust Certificates [apisix]
Baoyuantop commented on issue #11720:
URL: https://github.com/apache/apisix/issues/11720#issuecomment-2961770309
> Is there any way for me to tell APISIX to trust a certificate?
```
apisix:
  ssl:
    trusted_ca_cert: /path/to/your/ca-cert.pem
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
Re: [I] bug: Vault Secret Engine Issue LUA Trust Certificates [apisix]
shreemaan-abhishek commented on issue #11720:
URL: https://github.com/apache/apisix/issues/11720#issuecomment-2907582560
@Baoyuantop, this should be related to
https://github.com/apache/apisix/issues/11657 could you please check?
Re: [I] bug: Vault Secret Engine Issue LUA Trust Certificates [apisix]
Baoyuantop commented on issue #11720:
URL: https://github.com/apache/apisix/issues/11720#issuecomment-2903838227
There is no `ssl_verify` configuration item found in the vault's
configuration, and in the `make_request_to_vault` function, the HTTP request
is not passed any SSL-related parameters, which could be a potential missing
feature.
Vault connections always perform SSL certificate validation, even if the user
does not want it. In environments where self-signed certificates or private
CAs are used, this can cause the connection to fail.
Re: [I] bug: Vault Secret Engine Issue LUA Trust Certificates [apisix]
GrayHatLabs commented on issue #11720:
URL: https://github.com/apache/apisix/issues/11720#issuecomment-2495065066
I added this to the config.yml and confirmed that both files exist on the
container. I am still seeing the same error.
Also, please note that the vault server certificate is a valid certificate
signed by GoDaddy, which has a CA chain that might be part of the issue.
Is there any way for me to tell APISIX to trust a certificate?
```
apisix:
  ssl:
    ssl_trusted_certificate: /etc/ssl/certs/ca-certificates.crt
    ssl_trusted_certificate: /usr/local/share/ca-certificates/vault-ca.crt
global_rules:
  -
    id: 1
    plugins:
      Key-auth:
        header: "Authorization"
routes:
  - id: "test_route"
    uri: "/test"
    plugins:
      key-auth: {}
    upstream:
      type: roundrobin
      scheme: "https"
      nodes:
        "postb.in:443": 1
consumers:
  - username: nemus_dupper
    plugins:
      key-auth:
        key: $secret://vault/1/nemus_dupper/auth-key
secrets:
  - id: vault/1
    ssl_verify: false
    prefix: apisix
    token: hvs.asdfasdfasdfasdfasdf
    uri: https://vault.iipint.com:8200
```
```
api-gateway-1 | 2024/11/22 22:57:04 [error] 39#39: *97758 [lua] secret.lua:180: fetch(): failed to fetch secret value: failed to retrtive data from vault kv engine: 20: unable to get local issuer certificate, client: 172.18.0.1, server: _, request: "GET / HTTP/1.1", host: "127.0.0.1:8080"
api-gateway-1 | 2024/11/22 22:57:04 [warn] 39#39: *97758 [lua] plugin.lua:1174: run_plugin(): key-auth exits with http status code 401, client: 172.18.0.1, server: _, request: "GET / HTTP/1.1", host: "127.0.0.1:8080"
api-gateway-1 | 172.18.0.1 - - [22/Nov/2024:22:57:04 +] 127.0.0.1:8080 "GET / HTTP/1.1" 401 52 0.006 "-" "curl/8.2.1" - - - "http://127.0.0.1:8080";
```
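Added example, not part of the thread and not APISIX code: OpenSSL verify error 20, the code in the log above, reproduced offline with a constructed three-level chain. It shows one common way the error arises (the verifier trusts the root but is never given the intermediate); all certificate and file names are made up, and the `openssl` CLI is assumed to be installed.

```bash
#!/usr/bin/env bash
# Constructed demo PKI (all names made up): root CA -> intermediate CA -> leaf.
set -u
work=$(mktemp -d); trap 'rm -rf "$work"' EXIT
cd "$work" || exit 1

# Minimal OpenSSL config: the [ca] section marks a certificate as a CA.
cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ca
[dn]
commonName = Common Name
[ca]
basicConstraints = critical,CA:TRUE
EOF

new_csr() {  # new_csr <name> <subject>: writes <name>.key and <name>.csr
  openssl req -config pki.cnf -new -newkey rsa:2048 -nodes \
    -keyout "$1.key" -out "$1.csr" -subj "$2" 2>/dev/null
}

make_chain() {
  openssl req -config pki.cnf -x509 -newkey rsa:2048 -nodes -days 2 \
    -keyout root.key -out root.crt -subj "/CN=Demo Root CA" 2>/dev/null
  new_csr int "/CN=Demo Intermediate CA"
  openssl x509 -req -in int.csr -CA root.crt -CAkey root.key -CAcreateserial \
    -extfile pki.cnf -extensions ca -days 2 -out int.crt 2>/dev/null
  new_csr leaf "/CN=vault.example.test"
  openssl x509 -req -in leaf.csr -CA int.crt -CAkey int.key -CAcreateserial \
    -days 2 -out leaf.crt 2>/dev/null
}

# verify_leaf <openssl verify options...>: prints OK or the first X.509 error line.
verify_leaf() {
  if out=$(openssl verify "$@" leaf.crt 2>&1); then echo OK
  else printf '%s\n' "$out" | grep -m1 'error [0-9]* at'; fi
}

make_chain
cat root.crt int.crt > bundle.crt   # trust bundle that also carries the intermediate
echo "root trusted, peer sends leaf only:  $(verify_leaf -CAfile root.crt)"
echo "root trusted, peer sends leaf + int: $(verify_leaf -CAfile root.crt -untrusted int.crt)"
echo "root + int in the trust bundle:      $(verify_leaf -CAfile bundle.crt)"
```

Against a real endpoint, `openssl s_client -connect host:port -showcerts` lists the certificates the server actually sends, which can be compared with the CA bundle the client is configured to trust.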
Re: [I] bug: Vault Secret Engine Issue LUA Trust Certificates [apisix]
GrayHatLabs commented on issue #11720:
URL: https://github.com/apache/apisix/issues/11720#issuecomment-2471207862
> This issue may help you: #11657
>
> Adding this config block to config.yaml:
>
> ```
> apisix:
>   ssl:
>     ssl_trusted_certificate: /etc/ssl/certs/ca-certificates.crt
> ```
Thank you, I will try this.
Re: [I] bug: Vault Secret Engine Issue LUA Trust Certificates [apisix]
HuanXin-Chen commented on issue #11720:
URL: https://github.com/apache/apisix/issues/11720#issuecomment-2463640503
This issue may help you: https://github.com/apache/apisix/issues/11657
Adding this config block to config.yaml:
```
apisix:
  ssl:
    ssl_trusted_certificate: /etc/ssl/certs/ca-certificates.crt
```
