Closed aperiodicchain closed 6 months ago
Thanks for opening this issue @aperiodicchain, we are investigating if this is possible. I don't see a reason why it shouldn't be, but I haven't found anything specific yet. I will get back to you once we have something useful.
I am not sure if this should be set on Node-RED level or on the S3 library/node itself?
@aperiodicchain, @trajche after a thorough investigation, it turns out that it is not that simple to implement this, at least from the resources I found and tried out. I will keep this issue open, since I'll further research this topic, but I think we all agree that it is not a wise idea to trust these kinds of certificates. However, you can make it work for now with two approaches. I would highly recommend AVOIDING the FIRST one and USING the SECOND approach.
`NODE_TLS_REJECT_UNAUTHORIZED=0`

`export NODE_TLS_REJECT_UNAUTHORIZED=0` for UNIX based systems, and `set NODE_TLS_REJECT_UNAUTHORIZED=0` for Windows systems. Another way is to specify this envVar before running Node-RED in the following manner: `NODE_TLS_REJECT_UNAUTHORIZED=0 node-red`, or as an alternative this can be set in `settings.js` by inserting `process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";` before the `module.exports` line. More details on this approach can be found here.

`NODE_EXTRA_CA_CERTS=/path/to/minio/public.crt` (RECOMMENDED)

`settings.js` or via Node-RED itself. It has to be set before running Node-RED. It can be set in the same manner as before, by exporting it for the session: `export NODE_EXTRA_CA_CERTS=/path/to/minio/public.crt` / `set NODE_EXTRA_CA_CERTS=/path/to/minio/public.crt`, or by setting it before running Node-RED: `NODE_EXTRA_CA_CERTS=/path/to/minio/public.crt node-red`. More info for this variable can be found here. If you have multiple certificates that you want to trust, they can be concatenated into one `.pem`. For more information on this please see this explanation and the link referenced by it.

@rristov60 Thanks for your thorough investigation! Since I am also using public endpoints I clearly opted for the recommended 2nd suggestion to add my local self-signed cert.
I simply had to add this to my node-red Dockerfile:

```dockerfile
USER root
ADD .secrets/public_mesh.crt /usr/local/share/ca-certificates/
RUN update-ca-certificates
```

I can successfully connect now.
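A preflight check for the two settings discussed in this thread, as an added example that is not part of the thread or of the Node-RED S3 node's code. It flags `NODE_TLS_REJECT_UNAUTHORIZED=0` and checks that the file named by `NODE_EXTRA_CA_CERTS` is readable and holds only parseable, unexpired certificates; `auditTlsEnv`, the sample bundle and its path are hypothetical names constructed here.

```javascript
const fs = require('node:fs');
const { X509Certificate } = require('node:crypto');

// Matches each PEM block and captures its label (CERTIFICATE, PRIVATE KEY, ...).
const PEM_BLOCK = /-----BEGIN ([A-Z0-9 ]+)-----[\s\S]*?-----END \1-----/g;

// Returns a list of findings; an empty list means nothing to fix.
// `readFile` is injectable so the check can run without touching disk.
function auditTlsEnv(env = process.env, readFile = (p) => fs.readFileSync(p, 'utf8')) {
  const findings = [];
  if (env.NODE_TLS_REJECT_UNAUTHORIZED === '0') {
    findings.push('NODE_TLS_REJECT_UNAUTHORIZED=0: certificate verification is off for every TLS connection in this process');
  }
  const bundlePath = env.NODE_EXTRA_CA_CERTS;
  if (!bundlePath) return findings;
  let text;
  try {
    text = readFile(bundlePath);
  } catch (err) {
    // Node itself only emits a warning here and keeps the default trust store,
    // so the self-signed endpoint would still be rejected.
    findings.push(`NODE_EXTRA_CA_CERTS: cannot read ${bundlePath} (${err.code || err.message})`);
    return findings;
  }
  const blocks = [...text.matchAll(PEM_BLOCK)];
  if (blocks.length === 0) findings.push('NODE_EXTRA_CA_CERTS: no PEM blocks found');
  blocks.forEach(([pem, label], i) => {
    if (label.includes('PRIVATE KEY')) {
      findings.push(`block ${i + 1}: private key in trust bundle, remove it`);
    } else if (label !== 'CERTIFICATE') {
      findings.push(`block ${i + 1}: unexpected PEM type ${label}`);
    } else {
      try {
        const cert = new X509Certificate(pem);
        if (new Date(cert.validTo) < new Date()) findings.push(`block ${i + 1}: expired (${cert.subject})`);
      } catch {
        findings.push(`block ${i + 1}: not a parseable X.509 certificate`);
      }
    }
  });
  return findings;
}

// Constructed sample bundle: placeholder base64, not real key or certificate material.
const SAMPLE_BUNDLE =
  '-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n' +
  '-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n';
console.log(auditTlsEnv({ NODE_EXTRA_CA_CERTS: '/constructed/bundle.pem' }, () => SAMPLE_BUNDLE));
```

Run it in the same shell, service unit or container that launches Node-RED, since that is the environment Node reads these variables from at startup.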
Hi, I have a local Minio installation with TLS/SSL enabled on `https://192.168.1.1:9000`.
This certificate is self-signed, so I get the below error message from the "Put Object" node. In Minio there is a `--insecure` flag that bypasses verification of the certificate against a trust store. Is there a way to achieve the same here, without having to revert the whole Minio deployment to plain http?