open-formulieren / open-forms

Smart and dynamic forms
https://open-forms.readthedocs.io

Certificate verify failed: self signed certificate in certificate chain #3496

Open LaurensBurger opened 1 year ago

LaurensBurger commented 1 year ago

Product version

2.2.2

Describe the bug

sentry: 337858

sergei-maertens commented 1 year ago

Are all the intermediate certificates present? Is the root certificate added to our trust store?

I can see from the Sentry traceback that a server certificate was uploaded for StUF-BG on this instance, and that causes the "global defaults" to be overridden. In those situations, typically you need to:

  1. Have the certificate chain with service certificate + intermediates configured (uploaded in the admin)
  2. Add the root certificate (if it's private/self-signed) to the trust store via the self-signed configuration

The root certificate in the trust store will then validate that the intermediates are valid, which each validate the next certificate up until the certificate of the service itself.
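Added example, not part of the original thread or of the Open Forms code base: the chain logic described in the comment above, reproduced with a constructed three-level PKI and `openssl verify`. As an assumption of this example, `-CAfile` stands in for the trust store and `-untrusted` for the uploaded chain; all names and file paths are made up. OpenSSL verify error 19 is the "self signed certificate in certificate chain" message from the issue title, and error 20 is "unable to get local issuer certificate".

```shell
#!/usr/bin/env bash
# Added example. Constructed three-level PKI; every name here is made up.
make_demo_pki() {   # $1 = empty working directory
  ( cd "$1" || exit 1
    printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' '[dn]' 'CN=placeholder' \
      '[ca]' 'basicConstraints=critical,CA:TRUE' > pki.cnf
    for n in root int leaf; do   # one key + CSR per level
      openssl req -new -newkey rsa:2048 -nodes -config pki.cnf -subj "/CN=demo $n" \
        -keyout "$n.key" -out "$n.csr" 2>/dev/null || exit 1
    done
    # Self-signed private root, intermediate signed by root, service cert signed by intermediate.
    openssl x509 -req -in root.csr -signkey root.key -days 2 -set_serial 1 \
      -extfile pki.cnf -extensions ca -out root.pem 2>/dev/null || exit 1
    openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -days 2 -set_serial 2 \
      -extfile pki.cnf -extensions ca -out int.pem 2>/dev/null || exit 1
    openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -days 2 -set_serial 3 \
      -out leaf.pem 2>/dev/null || exit 1
    cat int.pem root.pem > chain_with_root.pem )
}

# Print "ok" or the numeric OpenSSL verify error for the given `openssl verify` arguments.
verify_code() {
  out=$(openssl verify "$@" 2>&1) || true
  code=$(printf '%s\n' "$out" | sed -n 's/.*error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)
  if [ -n "$code" ]; then echo "$code"
  elif printf '%s\n' "$out" | grep -q ': OK$'; then echo ok
  else echo "unexpected: $out"; fi
}

# -CAfile stands in for the trust store, -untrusted for the uploaded chain.
root_trusted_with_intermediate() { verify_code -CAfile "$1/root.pem" -untrusted "$1/int.pem" "$1/leaf.pem"; }
root_sent_but_not_trusted()      { verify_code -untrusted "$1/chain_with_root.pem" "$1/leaf.pem"; }
intermediate_missing()           { verify_code -CAfile "$1/root.pem" "$1/leaf.pem"; }

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
echo "root trusted + intermediate supplied: $(root_trusted_with_intermediate "$demo_dir")"
echo "root in chain but not in trust store: $(root_sent_but_not_trusted "$demo_dir")"
echo "root trusted, intermediate missing:   $(intermediate_missing "$demo_dir")"
rm -rf "$demo_dir"
```

The second case shows that supplying the private root alongside the intermediates is not enough: verification only succeeds once that root is in the trust store.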

joeribekker commented 1 year ago

Refinement: The only way to make this work is to do a "test-connection" function to see if the connection can be made or not. If not, then there's a bunch of things to look at that cannot be captured in a single "thing" to look at. This would benefit from configuration overview improvements.

joeribekker commented 1 year ago

Replacing bug label with improvement because failing things are not always bugs.