Hi All,
I am following the documentation of Kong(version: 1.4.X) to configure https. But it is not working
https://docs.konghq.com/1.4.x/proxy/#configuring-ssl-for-a-route
The following are the steps that I followed:
-
Generated self signed crt file:
openssl genrsa -out cert.key 2048
openssl req -new -key cert.key -out cert.csr
openssl x509 -req -days 365 -in cert.csr -signkey cert.key -out cert.crt -
Ran the following:
curl -i -X POST http://localhost:8001/certificates
-F “cert=@/path/to/cert.crt”
-F “key=@/path/to/cert.key”
-F “snis=ssl-myhostname” -
curl -i -X POST http://localhost:8001/routes
-d ‘hosts=ssl-myhostname’
-d ‘service.id=5c31bce9-ba10-4253-b4bd-d670824c1274’ -
curl -i https://localhost:8443/
-H “Host: ssl-myhostname”
The 4th step is giving error:
Blockquote
curl: (60) Issuer certificate is invalid.
curl performs SSL certificate verification by default, using a “bundle”
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn’t adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you’d like to turn off curl’s verification of the certificate, use
the -k (or --insecure) option.
Please let me know where am I going wrong. Thanks!