edgexfoundry / security-api-gateway

Owner: Security WG
Apache License 2.0

Kong no longer uses ssl certs signed by the generated EdgeX TrustCA #28

Closed anonymouse64 closed 5 years ago

anonymouse64 commented 5 years ago

The edgexproxy binary no longer configures Kong to use SSL certificates that were generated by the pkisetup binary from security-secret-store from this change: https://github.com/edgexfoundry/security-api-gateway/commit/3f9f9deca250f68b56e8c8e2c54d54048e1c024a#diff-711007c703bd39258a3323751c269e25R51

This means that when you deploy EdgeX using the security services, the SSL certificate presented by Kong isn't signed by the Trust CA as it should be (and as it was with California).

anonymouse64 commented 5 years ago

@tingyuz this is the issue I spoke about over Rocket.Chat and should be considered a blocker for Delhi.

tingyuz commented 5 years ago

We were planning to switch the cert from the default to a Kong-specific one (created by Vault), and the related code was updated as a result. I will have a PR to restore the logic to be the same as in California.

anonymouse64 commented 5 years ago

This has been fixed for Delhi with #31; it now just needs to be forward-ported to master for Edinburgh.