Configuring SSL - Unable to verify the first certificate

CousinLarry · November 9, 2023, 8:45am

I get this error when using Postman or other command line tools, when verifying SSL they respond “Unable to verify the first certificate”. In the Browser it is fine as I understand browser downloads CAs from the internet.

I have loaded all my CAs into Kong Manager under CA Certificates, but this doesn’t seem to do anything. I have also read that I need to combine my 3 CA certs into a CA-Bundle and define this as part of my docker compose setup. I am not sure then what the CA Certificates section is for in the Kong Manager UI then.

How do I correctly load CAs to Kong to ensure they are sent from Kong itself so I don’t get the error above?

CousinLarry · November 9, 2023, 10:24pm

I have tried to add in my docker compose

KONG_SSL: "on"
KONG_SSL_CERT_CAFILE: /usr/local/kong/ca-bundle.crt

Where ca-bundle.crt is a bundle of all the CA certs my provider gave me, but I still get “Unable to verify the first certificate”. Kong seems to accept the above configuration without any errors in the logs.

Any ideas how I can troubleshoot why CAs aren’t being sent from Kong itself?

Topic		Replies	Views
KGAC-101 Virtual Lab error TLS/SSL Installation/Setup	1	314	July 27, 2023
SSL with Compose / Docker 18 / Kong 0.14 Installation/Setup	0	2347	December 18, 2018
Can't get SSL working with Kong 0.13.0 Installation/Setup	1	2476	May 2, 2018
Kong failed to retrieve events from DB: SSL handshake: 19: self signed certificate in certificate chain Questions	0	538	July 18, 2022
Kong ACME Plugin {"message":"failed to update certificate: acme directory request failed: 20: unable to get local issuer certificate"} Installation/Setup	14	3402	October 27, 2020

Configuring SSL - Unable to verify the first certificate

Related Topics