Closed fancy512 closed 7 years ago
Hi Fancy: I have used Kong for a long time ago and maybe I have forgotten the actual reason for this issue. After some initial thought on your issue, I think maybe you should access your api with the following URL: curl -i -k -v https://api.com:8443/ -H "Host: api.com" instead of your original way: curl -i -k -v https://localhost:8443/ -H "Host: api.com". The reason may lie on the SNI check on https access. And for using your api.com instead of localhost, you should add your domain name "api.com" into /etc/hosts or something like that.
Is this similar/identical to https://github.com/Mashape/kong/issues/2337?
@fancy512 can you show us the output of curl localhost:8001/certificates
and curl localhost:8001/snis
?
Closing as stale, after no response. Please feel free to re-open this if there are still pending issues.
@p0pr0ck5 I'm experiencing the same issue.
{"fields":{"cert":"required field missing","key":"required field missing"},"name":"schema violation","code":2,"message":"2 schema violations (cert: required field missing; key: required field missing)"} i got this response.
Hi all, I've same issue here.
So do I
so do i
Hmmm same here.. Any way I can find where kong stores the final nginx.conf
file in the docker container?
So I do
Please open a new issue. Let's avoid resurrecting old threads.
I added a custom certificate to kong, but it did not seem to work !
1.Use the following steps to create a custom certificate: a,openssl genrsa -des3 -out server.key 2048 b,openssl req -new -key server.key -out server.csr -sha256 c.cp server.key server.key.org d,openssl rsa -in server.key.org -out server.key e.openssl x509 -req -in server.csr -signkey server.key -out server.crt -sha256
2.Upload SSL certificate and key via the Admin API: curl -i -X POST http://localhost:8001/certificates \ -F "cert=@/usr/local/kong/ssla/server.crt" \ -F "key=@/usr/local/kong/ssla/server.key" \ -F "snis=api.com"
3.Add api: curl -i -X POST http://localhost:8001/apis \ -d "name=ssl-api" \ -d "upstream_url=http://my-api.com" \ -d "hosts=api.com"
4.Visit this api: curl -i -k -v https://localhost:8443/ \ -H "Host: api.com" There is a part of the response information: Connected to localhost (127.0.0.1) port 8443 (#0)
Based on this information I found that my custom certificate does not seem to work , Then I checked the kong default path '' / usr / local / ssl '' under the certificate, through the command: '' openssl x509 -in admin-kong-default.crt -text -noout ''. Then I got some messages: Certificate: Data: Version: 1 (0x0) Serial Number: 14431384435248772324 (0xc84693aee01ab4e4) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=California, L=San Francisco, O=Kong, OU=IT Department, CN=localhost Validity Not Before: Mar 13 01:45:51 2017 GMT Not After : Apr 12 01:45:51 2017 GMT Subject: C=US, ST=California, L=San Francisco, O=Kong, OU=IT Department, CN=localhost
This time I feel my certificate seems to have no effect, the work seems to be kong default certificate, I do not know my order is not in addition to the problem. I did not change any configuration file, are the default, configuration Does the file need to be changed ?
Thank you !