openapi-to-graphql icon indicating copy to clipboard operation
openapi-to-graphql copied to clipboard

Published 20 hours ago verified publisher icon IBM

self signed certificate

Open TomerSalton opened this issue 5 years ago • 6 comments

Describe the bug I have a LB4 application instance, which listens on https; Since it's a development environment, it is signed by a self-signed certificate. When I either try to generate the graphql endpoint or operate it, it fails to communicate with my lb4 app. I think there is a flag missing for trusting a self signed certificate, or maybe I misunderstand regarding how to opreate this tool.

I would appreciate any help.

Thanks, Tomer.

TomerSalton avatar Nov 13 '19 13:11 TomerSalton

@TomerSalton To be honest, I am not too familiar with working with certificates.

We use the request module to make our calls. I found this issue that mentions setting the option rejectUnauthorized to false. While I do not see this option mentioned in the documentation, I think it's worth a shot.

Are you currently using the library or the CLI? If it's the former, we have a requestOptions option that allows you to directly interface with the request module. You can try setting the requestUnauthorized option to false and see if it fixes your problem.

Let me know how it goes!

Alan-Cha avatar Nov 14 '19 16:11 Alan-Cha

I think the requestsOptions that Alan mentions is the way to go here. You can try setting strictSSL to false, which will in turn set rejectUnauthorized to false. Consider the request documentation's note about the SSL option, though:

Note: to use your own certificate authority, you need to specify an agent that was created with that CA as an option.

ErikWittern avatar Nov 16 '19 09:11 ErikWittern

@TomerSalton Were you able to resolve this issue?

Alan-Cha avatar Jan 28 '20 19:01 Alan-Cha

I had the same issue as @TomerSalton , and using the requestOptions did the trick to use a self signed certificate. Here is an example of the configuration I used:

async function startServer() {
...
 const oas = require('./oas.json');
 const {schema} = await OtG.createGraphQLSchema(oas, {
    requestOptions: {
      rejectUnauthorized: false,
      insecure: true,
      strictSSL: false,
    },
  });
...

I just threw all three options rejectUnauthorized, insecure, and strictSSL because for some people some options might work and others won't, as discussed here.

hazi98 avatar Jul 17 '20 21:07 hazi98

Thank you for your help @ErikWittern @hazi98 .

@Alan-Cha - as I am currently not working on it, maybe it is a good idea to close the issue. When I will have the time to test it, if it will not work, I might re-open.

TomerSalton avatar Jul 29 '20 14:07 TomerSalton

@TomerSalton No worries! I'll keep the issue open so that people can continue discussing but do not feel pressured to work on it. I hope that is fine?

Alan-Cha avatar Jul 29 '20 21:07 Alan-Cha