Error: Unable to get local issuer certificate #14
Comments
Hey, thank you for reporting this. Do you need an option to provide a certificate, or, as a workaround, a kind of "insecure" mode (see for example https://curl.se/docs/manpage.html#-k) to skip verifying a server certificate? |
Hey, both options are actually interesting. The "insecure" mode for testing purposes comes in very handy; however, for more "productive" environments the use of a properly secured connection is still a requirement for many. |
Making sure that the .pem certificate file was also in my current directory, which is mounted on the docker image, and then passing the
docker run -it -v $PWD:/vault-sync -e SSL_CERT_FILE='/vault-sync/.certs/company-ca-bundle.pem' pbchekin/vault-sync:0.8.0 vault-sync --config /vault-sync/vault-sync.yaml
output
I still have another error retrieving the secrets from the source Vault but this is another issue that I have to check. |
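A pre-flight check for the mount-and-`SSL_CERT_FILE` workaround in the comment above, as an added example that is not part of the original thread or of the vault-sync project. The function names are hypothetical; the check only confirms that the bundle sits inside the mounted directory and contains at least one PEM certificate block, and it does not validate the certificate chain.

```shell
#!/usr/bin/env bash
# Added example, not vault-sync code. SSL_CERT_FILE must name the bundle's path
# as seen INSIDE the container, so the file has to live under the mounted directory.

MOUNT_POINT="/vault-sync"   # container side of -v "$PWD:/vault-sync", as in the comment

# count_pem_certs FILE: print the number of complete PEM certificate blocks.
# Only BEGIN/END markers are counted; the base64 body is not decoded or verified.
count_pem_certs() {
    awk '/^-----BEGIN CERTIFICATE-----/ { inblk = 1; next }
         /^-----END CERTIFICATE-----/   { if (inblk) n++; inblk = 0 }
         END { print n + 0 }' "$1"
}

# container_ca_path HOST_DIR BUNDLE: print the in-container path of BUNDLE.
# Return codes: 2 bad HOST_DIR, 3 bundle unreadable, 4 bundle outside the
# mounted directory (invisible to the container), 5 no certificate in the file.
container_ca_path() {
    host_dir=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    bundle_dir=$(cd "$(dirname "$2")" 2>/dev/null && pwd -P) || return 3
    bundle="$bundle_dir/$(basename "$2")"
    [ -r "$bundle" ] || return 3
    case "$bundle" in
        "$host_dir"/*) ;;          # inside the mount: reachable in the container
        *) return 4 ;;
    esac
    [ "$(count_pem_certs "$bundle")" -gt 0 ] || return 5
    printf '%s%s\n' "$MOUNT_POINT" "${bundle#"$host_dir"}"
}

# Usage, run from the directory that holds vault-sync.yaml:
#   ca=$(container_ca_path "$PWD" .certs/company-ca-bundle.pem) &&
#   docker run -it -v "$PWD:/vault-sync" -e SSL_CERT_FILE="$ca" \
#       pbchekin/vault-sync:0.8.0 vault-sync --config /vault-sync/vault-sync.yaml
```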
I have the same issue with an OpenShift/ArgoCD deployment using the Helm implementation. I tried to create a secret with the CA cert of my company to implement it as a volume into the deployment. I tried to do the modification directly in the deployment but could not afford it. |
Here are the logs:
Here are my values:
|
@lololastico74 it should be possible with the latest version (0.1.3) of the Helm chart: First, you need to make sure you have a Kubernetes secret with the certificate, for example:
Then you need to provide the following additional chart values:
Let me know if that works for you. |
Hi,
I've configured the vault-sync.yaml file as follows (just leaving the fields with an actual value set):
I then try to run the install with:
docker run -it -v $PWD:/vault-sync pbchekin/vault-sync:0.8.0 vault-sync --config /vault-sync/vault-sync.yaml
Giving the output:
The connection to the source Vault which is using HTTP doesn't have any issue (it would seem). However, the connection to the target Vault which is restricted to HTTPS only fails because the "local issuer certificate" cannot be accessed.
How could I provide the "local issuer certificate" when installing?
P.S.: I've tested connecting directly on the target Vault UI with the token I provided in vault-sync.yaml and was able to log in.
Thank you.