
Question: TLS Verification Disable

Open allebone opened this issue 1 year ago • 2 comments

Question

Howdy! We're attempting to connect our current Semaphore implementation to our internal Keycloak server. As my business uses a private CA (not self-signed, but an internally managed CA), the certificate for OIDC is showing as invalid TLS and preventing connection.

Is there an Environment Variable for disabling downstream TLS checking?

or

Is there a standardized way to add Root Certs when the container is running as a non-privileged user in this case?

Related to

Configuration

allebone, Aug 26 '24 19:08

Hi, I am having the same issue. Did you manage to find a proper workaround? I will add my CA to the semaphore docker image, but it seems a bit hacky.

OctoNezd, Sep 17 '25 16:09

Yes, didn't find any other option than adding the CA to the container unfortunately.

Something like:

  • mapping the CA file in the container under /usr/local/share/ca-certificates/yourCA.crt
  • Adding a post_start hook for the container (in case of docker compose, as an example)
post_start:
   - command: 'apk add ca-certificates && update-ca-certificates'
     user: root

(the example uses apk because the semaphore image at the time of writing is based on Alpine Linux)

It would still be better to have a less cumbersome and more stable solution (a way for semaphore to import the file

Romloader, Nov 10 '25 12:11
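Added example, not code from this thread or from the Semaphore project: the trust decision behind the "invalid TLS" error and the CA-mapping workaround, reproduced with Go's standard crypto/x509 verifier. The root CA, the host name keycloak.internal.example and the empty pool standing in for the image's stock CA bundle are all constructed for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue returns a certificate for cn signed by parent (self-signed root CA when parent is nil).
func issue(cn string, serial int64, parent *x509.Certificate, pk *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true,
	}
	if parent == nil { // root CA: allowed to sign certificates, signs itself
		t.IsCA, t.KeyUsage = true, x509.KeyUsageCertSign
		parent, pk = t, key
	} else { // TLS server certificate for host name cn
		t.DNSNames, t.ExtKeyUsage = []string{cn}, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	der := must(x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, pk))
	return must(x509.ParseCertificate(der)), key
}

// Demo verifies a constructed server certificate without, then with, the private root CA trusted.
func Demo() (withoutCA, withCA error) {
	const host = "keycloak.internal.example" // constructed host name
	ca, caKey := issue("Constructed Private Root CA", 1, nil, nil)
	leaf, _ := issue(host, 2, ca, caKey)
	roots := x509.NewCertPool() // stands in for the image's stock CA bundle
	_, withoutCA = leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots})
	roots.AddCert(ca) // the effect of update-ca-certificates on the system bundle
	_, withCA = leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots})
	return
}

func main() { fmt.Println(Demo()) }
```

With the private root in the pool, host name, validity period and signature are all still checked, which is what a verification-disable switch would give up.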