sentry_exporter icon indicating copy to clipboard operation
sentry_exporter copied to clipboard

Published 20 hours ago verified publisher icon snakecharmer

Skip tls verify

Open AlexZalyalowa opened this issue 4 years ago • 2 comments

Hello. I have s self-sighnet sertificate on sentry server and I get this error while trying to use exporter

time="2020-12-21T16:01:12Z" level=warning msg="Error for HTTP request to catman-front: Get \"https://my_server/api/0/projet/stats/\": x509: certificate signed by unknown authority" source="http.go:57"

Can I skip tls verify some how?

AlexZalyalowa avatar Dec 21 '20 16:12 AlexZalyalowa

Hi, did you manage to resolve this?

hestiacloud avatar Sep 20 '21 08:09 hestiacloud

We managed to fix this problem. For anyone struggling with this , the following were the steps we followed:

  1. Download the self-signed root ca of our self-hosted Sentry via Chrome (you can follow https://medium.com/@menakajain/export-download-ssl-certificate-from-server-site-url-bcfc41ea46a2 . We saved it in base64 format. That will require you to use PEM in the next command.)
  2. Covert the downloaded file from .cer to .crt by running openssl x509 -inform PEM -in ../cert.cer -out ../sentry-cert.crt ( you might need either PEM or DER https://stackoverflow.com/questions/642284/do-i-need-to-convert-cer-to-crt-for-apache-ssl-certificates-if-so-how
  3. Move this file to the host that the sentry exporter is running on (in our case just a linux machine, for docker you might need to follow different steps?)
  4. Ensure that the cert is moved to /etc/pki/ca-trust/source/anchors/
  5. Run update-ca-trust extract command
  6. Try the curl without -k and it is all working well. If you have any issues make sure that you've downloaded the root ca.

hestiacloud avatar Sep 21 '21 10:09 hestiacloud