How to: enable HTTPS endpoint for SG 3.1

fabiosst · June 22, 2023, 8:08pm

Hi all,

I’m using SG 3.1.0 and I’m using certificates signed by our own CA.
When using ISGR, I want to use HTTPS protocol for the remote target.

Actually when I set the https protocol I get the “X.509 Certificate Signed by Unknown Authority” error and the replication doesn’t start.
When using the HTTP I have no problems.

Here it is a sample of my bootstrap configuration:

bootstrap: {
      ca_cert_path: "string",
      password: "string",
      server: "string",
      username: "string"
},
api: {
      admin_interface: "127.0.0.1:4985",
      metrics_interface: "127.0.0.1:4986"
}

How can I achieve the use of HTTPS?

In the 2.8 version I’ve read about “SSLCert” and “SSLKey” field.
What fields should I set on the remote SG in the bootstrap configuration? (I already use ca_cert_path with our own CA)

mreiche · June 23, 2023, 12:14am

I’m using SG 3.1.0 and I’m using certificates signed by our own CA.
Actually when I set the https protocol I get the “X.509 Certificate Signed by Unknown Authority” error

It sounds like the ‘client’ does not recognize your CA as a valid CA. Typically, the solution is to make the root CA certificate accessible to the client. That would be bootstrap.ca_cert_path.

And the client certificate would be bootstrap.x509_cert_path.