Kong Upstream SSL Error

To enable the SSL verification of the upstream server, I have the following configuration

KONG_NGINX_PROXY_PROXY_SSL_VERIFY=on
KONG_NGINX_PROXY_PROXY_SSL_VERIFY_DEPTH=2
KONG_NGINX_PROXY_PROXY_SSL_TRUSTED_CERTIFICATE=/opt/tls/ca_certificates.pem

ca_certificates.pem is a single file containing multiple ca certs in PEM format

If I enable healthchecks.active.https_verify_certificate, health check fails with following error:

*39555 [lua] healthcheck.lua:1094: log(): [healthcheck] (auth-upstream) failed SSL handshake with (x.x.x:x: 443)’: 19: self signed certificate in certificate chain, context: ngx.timer

I have added the CA who signed the server certificate to the KONG_NGINX_PROXY_PROXY_SSL_TRUSTED_CERTIFICATE

I even tried by providing ca-certificates in crt format, the Kong is failing to trust the CA certificates provided.

Any suggestion on how to fix this would be helpful, Thanks!


© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ