search

ThreeMammals / Ocelot

.NET API Gateway
https://www.nuget.org/packages/Ocelot
MIT License
8.31k stars 1.63k forks source link

who has encountered this problem,The remote certificate is invalid because of errors in the certificate chain: PartialChain #2135

Closed liujian1368928 closed 1 month ago

liujian1368928 commented 1 month ago

question: This should not be a problem with ocelot, I want to know who has encountered this problem, I can not find the corresponding information in our forum, has anyone encountered this problem, I have ssl certificate and configuration, but there will be problems here in ocleot, and other places are normal

ERROR: image TEXT: requestId: 0HN5IQBMV7CUA:00000001, previousRequestId: No PreviousRequestId, message: 'Error Code: ConnectionToDownstreamServiceError Message: Error connecting to downstream service, exception: System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: PartialChain at System.Net.Security.SslStream.SendAuthResetSignal(ReadOnlySpan`1 alert, ExceptionDispatchInfo exception) at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions) at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](Boolean receiveFirst, Byte[] reAuthenticationData, CancellationToken cancellationToken) at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)

OCELOT.jSON

    {
      "Routes": [
        {
          "DownstreamPathTemplate": "/order/{url}", ///{matchall}",
          "DownstreamScheme": "https",
          "UpstreamPathTemplate": "/orders/{url}",
          "UpstreamHttpMethod": [ "Get", "Post" ],
          "ServiceName": "OrderService",
          "UseServiceDiscovery": true,

          "LoadBalancerOptions": {
            "Type": "RoundRobin"
          },
          "FileCacheOptions": {
            "TtlSeconds": 3,
            "Region": "order"
          },
          "RateLimitOptions": {
            "ClientWhitelist": [],
            "EnableRateLimiting": true,
            "Period": "1s",
            "PeriodTimespan": 1,
            "Limit": 1
          },
          "QoSOptions": {
            "ExceptionsAllowedBeforeBreaking": 1,
            "DurationOfBreak": 3000,
            "TimeoutValue": 5000
          },

        }
      ],
      "GlobalConfiguration": {
        "BaseUrl": "https://www.liujian520.asia", //I filled in the host domain name after translating the document here
        "ServiceDiscoveryProvider": {
          "Scheme": "http",
          "Host": "www.liujian520.asia",
          "Port": 8500,
          "Type": "Consul"
        },
        "RateLimitOptions": {
          "DisableRateLimitHeaders": false,
          "QuotaExceededMessage": "请求太多了",
          "HttpStatusCode": 999,
          "ClientIdHeader": "Test"
        }
      }
    }