Unable to configure my service for https

Hi All,

I am following the documentation of Kong(version: 1.4.X) to configure https. But it is not working
https://docs.konghq.com/1.4.x/proxy/#configuring-ssl-for-a-route

The following are the steps that I followed:

  1. Generated self signed crt file:
    openssl genrsa -out cert.key 2048
    openssl req -new -key cert.key -out cert.csr
    openssl x509 -req -days 365 -in cert.csr -signkey cert.key -out cert.crt

  2. Ran the following:
    curl -i -X POST http://localhost:8001/certificates
    -F “cert=@/path/to/cert.crt”
    -F “key=@/path/to/cert.key”
    -F “snis[]=ssl-myhostname”

  3. curl -i -X POST http://localhost:8001/routes
    -d ‘hosts=ssl-myhostname’
    -d ‘service.id=5c31bce9-ba10-4253-b4bd-d670824c1274’

  4. curl -i https://localhost:8443/
    -H “Host: ssl-myhostname”

The 4th step is giving error:

Blockquote
curl: (60) Issuer certificate is invalid.
curl performs SSL certificate verification by default, using a “bundle”
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn’t adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you’d like to turn off curl’s verification of the certificate, use
the -k (or --insecure) option.

Please let me know where am I going wrong. Thanks!

cURL don’t trust self signed certificate, please try

curl -i -k https://localhost:8443/ -H “Host: ssl-myhostname”

Or use mkcert for the simplest way


© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ