SSL certificate from own CA

sirtoobii / vaultwarden_ldap_sync

Autmatically keep ldap in sync with your Vaultwarden installation

GNU General Public License v3.0

10 stars 7 forks source link

SSL certificate from own CA #1

Closed Fe3lApAcUt closed 1 year ago

Fe3lApAcUt commented 1 year ago

Hey

I receive an error when starting docker with the following message:

2023-11-03:16:51:48 ERROR [sync.py] Something went wrong. Error: HTTPSConnectionPool(host='xx.domain.loc', port=443): Max retries exceeded with url: /admin/users (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1123)')))

We have our own internal CA and need to provide the root certificate to the docker I think. Can this be done in you project?

BR Marcel

sirtoobii commented 1 year ago

Hey,

Yes this should theoretically be possible without changing the code (untested):

Bind mount your CA bundle into the docker container
Point the REQUESTS_CA_BUNDLE env var to you bind mounted CA bundle inside the container.

Fe3lApAcUt commented 1 year ago

Thanks, @sirtoobii! This is working. Here is what I did:

mkdir data/ssl
copied the root CA certificate (rootca.crt)
added "REQUESTS_CA_BUNDLE=/data/ssl/rootca.crt" to .env
docker compose up -d

log showed: 2023-11-06:08:18:29 INFO [sync.py] Starting... 2023-11-06:08:18:29 INFO [sync.py] DRYRUN: True 2023-11-06:08:18:29 INFO [sync.py] LDAP server: xxx.xxx 2023-11-06:08:18:29 INFO [sync.py] Vaultwarden url: https://vw.xxx.xxx 2023-11-06:08:18:29 INFO [sync.py] Invite user xxx@xxx.ch

BR Marcel