graphql-engine
SSL for self signed on prem env error.
Version Information
latest v2.45.1
Environment
On-prem on OpenShift.
What is the current behaviour?
When creating an event and triggering it, the response is as follows: "Internal error: HandshakeFailed (Error_protocol \"certificate rejected: [InvalidSignature SignatreInvalid]\" CertificateUnknown) "type": "client_error", "version": "2"
When running curl in the pod itself, curl <server> --capath /etc/ssl/certs or curl <server> --cafile <file_path> works, and so does openssl s_client <server>:443 -CAfile <file_path>.
What is the expected behaviour?
The event to work and trigger creating a PUT request to the webhook.
How to reproduce the issue?
- Create a webhook in an on-prem self-signed env.
- Create the event
- Trigger it.
Any possible solutions/workarounds you're aware of?
I have tried the following:
(For all operations I have used a bundle of CA certs that works in all of our envs.)
- Mounting to /etc/ssl/certs
- Mounting to /etc/ssl/certs/ca-certificates.crt
- Using TLS allow list in UI
- Using tls verify false in env
- Using HASURA_GRAPHQL_CERTIFICATE_AUTHORITY=/certs/mycrt.crt
I have reported this to the engine team.