What would be great is if there was a simple example of getting upstream ssl verification working on Kong v1.3 via docker.
Has anyone out there had success with this? Would be great if there was a best practice or walkthrough out there.
There seems to be a crossover of what should be configured via the admin api and what should be in configuration when it comes to proxy/ssl certs.
Trying Kong v1.3 - and getting 502’s when configuring an upstream with ssl_verify on.
My assumption was that I should do the following.
- posting the client cert + key to /certificates
- associating the right “client_certificate.id” to the service
- posting ca for the upstream cert/key combo into /ca_certificates
Muddying the waters are all the kong vars required and I’ve assumed that these are needed, maybe as fallbacks or defaults?
It’s unclear whether healthchecks.active.https_verify_certificate is using the ca cert provided to /ca_certificates as that fails. So I’ve set that to false and healthchecks work.
Currently can’t get past this error.
upstream SSL certificate verify error: (20:unable to get local issuer certificate) while SSL handshaking to upstream,
Have tested manually with curl to the upstream, with all the same certs loaded. Will keep trying, but thought I’d ask around the community.
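
OpenSSL verify error 20 in the log line above means the verifier could not find the certificate that issued the upstream's certificate in the trust bundle it was given. The script below is an added example, not part of the original post and not Kong's own code: it reproduces that error with a throwaway CA and leaf, then shows it clear once the issuing CA is in the bundle. All file names and subject names are constructed, and it assumes the `openssl` CLI is installed.

```shell
#!/bin/sh
# Added example. Everything here is constructed: throwaway keys, made-up
# subject names, temp files. Nothing is taken from a real Kong deployment.

# Create a self-signed CA: $1 = output prefix, $2 = common name
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Issue a leaf cert signed by a CA: $1 = leaf prefix, $2 = CA prefix
make_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=upstream.example.test" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
    openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" \
        -CAcreateserial -days 1 -out "$1.crt" 2>/dev/null
}

# Classify a verification attempt: $1 = trust bundle, $2 = certificate.
# Matches on openssl's text because exit codes differ across versions.
check_chain() {
    out=$(openssl verify -CAfile "$1" "$2" 2>&1) || true
    case $out in
        *"error 20"*) echo "missing-issuer" ;;
        *": OK"*)     echo "ok" ;;
        *)            echo "other" ;;
    esac
}

# Build both cases and report them as "<wrong bundle> <right bundle>".
run_demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d/issuing-ca" "demo-issuing-ca"      # signed the upstream cert
    make_ca "$d/unrelated-ca" "demo-unrelated-ca"  # some other trusted CA
    make_leaf "$d/upstream" "$d/issuing-ca"
    wrong=$(check_chain "$d/unrelated-ca.crt" "$d/upstream.crt")
    right=$(check_chain "$d/issuing-ca.crt" "$d/upstream.crt")
    rm -rf "$d"
    echo "$wrong $right"
}

run_demo
```

Running `check_chain` against the bundle the proxy is actually configured to trust and the certificate the upstream actually serves shows whether the issuer is missing from that bundle.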