-
Notifications
You must be signed in to change notification settings - Fork 344
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enabling mtls create issue with https web service #1771
Comments
Hello @jeroiraz ! Any news about this issue? |
Thank you for the reply @jeroiraz ! FYI as a workaround I exposed the UI under an NGINX (in this way I'm able to access with HTTPS) and the connection with the postgres protocol under the pgbouncer (in this way I'm able to connect with postgres in TLS). |
Hi @jeroiraz do you think in version 2.x will be the possibility to access in mTLS both the Web UI and the ImmuDB database with the immuadmin and immuclient command line clients? |
What happened
Hello, I tried to enable mtls on immudb but I encountered some issue. In particular, I've executed the script
./generate.sh example.com testpsw
present in immudb repo. In immudb.toml I've set:In particular the certificate and the key are the one present in folder
/mtls/3_application
.Then, by checking the connection with immuadmin with the complete string as the following:
I'm able to connect correctly. The certificate and key used now, are the one in
/mtls/4_clients
.I tried also the following curl from my shell:
And the response has been positive.
At this point, I've to connect against web server in HTTPS. I've imported the certificate in my browser in p12 format by executing the following command in /mtls/4_clients:
I've also imported the CA chain certificate. However, if I try to login in HTTPS (https://example.com:8080) I encoutered the following error:
And from the logs I've checked the following error:
The IP showed is the one of my client, so it is exactly the https connection.
What you expected to happen
I expect that HTTPS works fine after I've imported the client certificate.
How to reproduce it (as minimally and precisely as possible)
Some steps to follow are present in the description of the issue.
Environment
Additional info (any other context about the problem)
The text was updated successfully, but these errors were encountered: