support for self signed certificates

[warroyo]

is there a way to skip ssl cert validation? we have a proxy that has a self signed cert on it and this will cause the download to fail with the error

error running command: Get https://api.github.com/repos/enaml-ops/omg-cli/releases: x509: certificate signed by unknown authority

can an option be added to ignore this?

[concourse-bot]

Hi there!

We use Pivotal Tracker to provide visibility into what our team is working on. A story for this issue has been automatically created.

The current status is as follows:

• [ ] #132360797 support for self signed certificates

This comment, as well as the labels on the issue, will be automatically updated as the status in Tracker changes.

[vito]

How does the proxy work? Would this basically be 'skip all SSL verification' or 'allow configuring CA certs'? The domain likely won't match the cert, so it may be the former, which is a bummer.

[warroyo]

@vito im not exactly sure how the proxy works, I know it is doing ssl inspection which is likely where the issue comes from. Being able to specify certs to trust should work, however it may be better to just ignore all ssl in case other people's situations are different and specify certs will not work. either option should fix the issue for my use case though.

[bendodd]

@vito For our usecase it would be great to get 'skip all SSL verification' as an option [as per the git resource]

[chendrix]

needs concourse/concourse#1027

[akamalov]

@vito @andrewedstrom Is there any workaround for this? Our project completely stall if self-signed certs are not supported by Concourse.

[radoslav-d]

Hello there, I am experiencing the same problem in my project CI/CD. Is there an existing solution or workaround?

Initially the check step was failing with the same error. After I added insecure: true parameter in the source configuration, the check passed. However, the in is failing.

Any help will be much appreciated! Best regards!