I configured an API to forward request to a https endpoint with self-signed certificate.
I had run sudo update-ca-trust extract to import the server cert into trusted CA certificate list.
When I post data to the API, the gateway report following errors. Did I miss anything?
**time=“Jun 19 19:02:39” level=error msg=“http: proxy error: x509: certificate signed by unknown authority” api_id=dbeafd89453e4e585352c157e14cc73f org_id=58bf95007ff2d80b7925393a server_name=api.geo.myfriso.com user_id=“****6209” user_ip=52.80.10.232 user_name=kid-debug ** time=“Jun 19 19:02:39” level=error msg=“request error: There was a problem proxying the request” api_id=dbeafd89453e4e585352c157e14cc73f org_id=58bf95007ff2d80b7925393a path=“/friso/mobile/” server_name=“https://api.geo.myfriso.com” user_id= user_ip=52.80.10.232
if you are running on v2.3.5 there is an option you can set in your Gateway config, setting proxy_ssl_insecure_skip_verify to true will skip SSL check for upstream APIs with self-signed certificates.
Please note that this applies to all APIs so if you don’t want to use this for all of your APIs you should not use self-signed certificates.
proxy_ssl_insecure_skip_verify should go in the root and not inside http_server_options (ssl_insecure_skip_verify is correct though).
Apologies for the confusion in our documentation, it will be fixed in the next deployment.
Hi Kos,
I have use case where the company has their own Enterprise CA that’s used to sign all the SSL cert.
Is there anyway to trust this enterprise CA instead of configuring proxy_ssl_insecure_skip_verify=true ?