
Self-Signed HTTPS error when adding resources via kbs-client #641

Open
vele-lorica opened this issue Dec 20, 2024 · 1 comment
Labels
bug Something isn't working

Comments

@vele-lorica

Describe the bug

When HTTPS is enabled for communication with the KBS, I cannot add resources to Trustee using kbs-client. It seems there is an issue with using self-signed HTTPS certificates, although the docs suggest we use those for testing purposes. Is it possible that there is a setting that disallows self-signed certificates when adding or requesting resources? This error does not happen when contacting the auth and attest endpoints.

How to reproduce

kbs-client --url https://127.0.0.1:443 --cert-file path/to/https/certchain config --auth-private-key /path/to/private/key set-resource --resource-file dummy_data --path default/test/dummy

Error: error sending request for url (https://127.0.0.1/kbs/v0/resource/default/test/dummy)

Caused by:
0: client error (Connect)
1: error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:2091: (self-signed certificate in certificate chain)
2: error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:2091:

CoCo version information

trustee v0.10.1

What TEE are you seeing the problem on

None

Failing command and relevant log output

No response
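The error in the report is OpenSSL's X509 verify result 19: the client built a certificate chain that ends in a self-signed certificate it does not trust. A TLS client produces exactly this when the server presents its self-signed root but the client's trust file does not contain that root (for instance, only the leaf certificate was handed over instead of the root). The script below is an added example, not part of Trustee or kbs-client, and it does not assume anything about how kbs-client consumes --cert-file. It mints a throwaway test PKI with the openssl CLI (all names are constructed) and drives a TLS handshake through in-memory BIOs, so the failure can be reproduced and compared offline without a running KBS.

```python
"""Reproduce "self-signed certificate in certificate chain" (X509 verify error 19)
with an in-memory TLS handshake: no sockets, no live KBS. Added example, not
Trustee code; needs the `openssl` CLI to mint a throwaway PKI (names constructed)."""
import os
import ssl
import subprocess
import tempfile

# Minimal config so the constructed certs do not depend on the host's openssl.cnf.
OPENSSL_CNF = """\
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = placeholder
[ ca_ext ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[ server_ext ]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = serverAuth
subjectAltName = IP:127.0.0.1
"""
EC_KEY = ["-newkey", "ec", "-pkeyopt", "ec_paramgen_curve:prime256v1", "-nodes"]


def _openssl(*args):
    subprocess.run(["openssl", *args], check=True, capture_output=True)


def build_test_pki(workdir=None):
    """Mint a self-signed root, a server cert for 127.0.0.1 signed by it, and an
    unrelated self-signed root. Returns a dict of PEM paths (all constructed)."""
    d = workdir or tempfile.mkdtemp(prefix="kbs-tls-demo-")
    cnf = os.path.join(d, "openssl.cnf")
    with open(cnf, "w") as fh:
        fh.write(OPENSSL_CNF)
    p = {k: os.path.join(d, k + ext) for k, ext in
         [("ca", ".crt"), ("ca_key", ".key"), ("other_root", ".crt"), ("other_key", ".key"),
          ("server", ".crt"), ("server_key", ".key"), ("csr", ".csr"), ("chain", ".pem")]}
    for cn, key, crt in (("constructed-test-root", p["ca_key"], p["ca"]),
                         ("unrelated-test-root", p["other_key"], p["other_root"])):
        _openssl("req", "-x509", *EC_KEY, "-config", cnf, "-extensions", "ca_ext",
                 "-subj", f"/CN={cn}", "-days", "1", "-keyout", key, "-out", crt)
    _openssl("req", "-new", *EC_KEY, "-config", cnf, "-subj", "/CN=kbs-test-server",
             "-keyout", p["server_key"], "-out", p["csr"])
    _openssl("x509", "-req", "-in", p["csr"], "-CA", p["ca"], "-CAkey", p["ca_key"],
             "-CAcreateserial", "-days", "1", "-extfile", cnf, "-extensions", "server_ext",
             "-out", p["server"])
    with open(p["chain"], "w") as out:  # leaf first, then root: what a server presents
        for name in ("server", "ca"):
            with open(p[name]) as fh:
                out.write(fh.read())
    return p


def _pump(src, dst):
    # Move whatever one side wrote into the other side's input BIO.
    data = src.read()
    if data:
        dst.write(data)


def handshake(cafile, certfile, keyfile, hostname="127.0.0.1"):
    """Drive a client/server handshake through MemoryBIO pairs. `cafile` plays the
    client's trust file, `certfile` what the server presents.
    Returns (0, "ok") or (X509 verify code, message) as the client saw it."""
    srv_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    srv_ctx.load_cert_chain(certfile, keyfile)
    cli_ctx = ssl.create_default_context(cafile=cafile)  # verification on, like a real client
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    cli = cli_ctx.wrap_bio(c_in, c_out, server_side=False, server_hostname=hostname)
    srv = srv_ctx.wrap_bio(s_in, s_out, server_side=True)
    cli_done = srv_done = False
    for _ in range(10):  # a handshake needs only a few round trips
        if not cli_done:
            try:
                cli.do_handshake()
                cli_done = True
            except ssl.SSLWantReadError:
                pass
            except ssl.SSLCertVerificationError as e:
                return e.verify_code, e.verify_message
        _pump(c_out, s_in)
        if not srv_done:
            try:
                srv.do_handshake()
                srv_done = True
            except ssl.SSLWantReadError:
                pass
        _pump(s_out, c_in)
        if cli_done and srv_done:
            return 0, "ok"
    raise RuntimeError("handshake did not complete")
```

Call `build_test_pki()` once, then `handshake(trust_file, pki["chain"], pki["server_key"])` with different trust files: trusting the root returns `(0, "ok")`, while trusting only the leaf, or an unrelated root, returns code 19 with the same message as in the report (OpenSSL 1.1.1 spells it "self signed" without the hyphen). The same comparison against the file passed to --cert-file tells you whether that file actually holds the root that signed the KBS certificate.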

@vele-lorica vele-lorica added the bug Something isn't working label Dec 20, 2024
@fitzthum
Member

fitzthum commented Dec 20, 2024

There are a couple of workarounds. Of course you can turn off https entirely. You can also provision resources by directly adding them to the resource storage. To do this you can do something like

kubectl exec deploy/kbs -- mkdir -p "/opt/confidential-containers/kbs/repository/$(dirname "$KEY_PATH")"
cat "$KEY_FILE" | kubectl exec -i deploy/kbs -- tee "/opt/confidential-containers/kbs/repository/${KEY_PATH}" > /dev/null

There is no setting to disable self-signed certificates. If you have a problem with self-signed certs, you can disable https, use a cert signed by a CA (probably not feasible), or sort out the issue with the cert.

I haven't tried setting resources with HTTPS enabled. I might have time to reproduce but I am about to go on vacation. Maybe @Xynnn007 can help.
