To enable the SSL verification of the upstream server, I have the following configuration
KONG_NGINX_PROXY_PROXY_SSL_VERIFY=on
KONG_NGINX_PROXY_PROXY_SSL_VERIFY_DEPTH=2
KONG_NGINX_PROXY_PROXY_SSL_TRUSTED_CERTIFICATE=/opt/tls/ca_certificates.pem
ca_certificates.pem is a single file containing multiple ca certs in PEM format
If I enable healthchecks.active.https_verify_certificate, health check fails with following error:
*39555 [lua] healthcheck.lua:1094: log(): [healthcheck] (auth-upstream) failed SSL handshake with (x.x.x:x: 443)’: 19: self signed certificate in certificate chain, context: ngx.timer
I have added the CA who signed the server certificate to the KONG_NGINX_PROXY_PROXY_SSL_TRUSTED_CERTIFICATE
I even tried by providing ca-certificates in crt format, the Kong is failing to trust the CA certificates provided.
Any suggestion on how to fix this would be helpful, Thanks!