DaspawnW/vault-crd

Enable https scheme for Vault

Closed this issue · 1 comments

Hi, I was wondering if it was possible to use a -tls-skip-verify flag or pass the CA certificate for Vault through an environment variable?

If I target an https endpoint for Vault (which is using a self-signed certificate), I get the following error in the stack trace:

org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://x.x.x.x:8200/v1/auth/token/lookup-self": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

The Deployment config is:

env:
        - name: KUBERNETES_VAULT_URL
          value: "https://x.x.x.x:8200/v1/"
        - name: KUBERNETES_VAULT_TOKEN
          value: "45WSJG5RRcu51pgnAa3B59F0"

Hi @dansible,

I'll have a look next week. The easiest option is to add your certificates to the Java keystore.
As you suggested, I'll look into implementing a skip-verification flag.

Cheers,
Björn
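
As an added example (not code from vault-crd or from this thread): one way a Java client can trust a self-signed Vault CA without disabling verification is to build an in-memory trust store from a PEM string, which is the in-process counterpart of importing the certificate into the Java keystore. The environment variable `VAULT_CA_CERT` and the class name `VaultCaTrust` are hypothetical; `KUBERNETES_VAULT_URL` is the variable from the Deployment above, and `sys/health` is Vault's unauthenticated health endpoint.

```java
import java.io.ByteArrayInputStream;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Collection;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class VaultCaTrust {

    // Build an SSLContext that trusts only the CA certificate(s) in the PEM text.
    static SSLContext contextFromPem(String pem) throws Exception {
        if (pem == null || pem.trim().isEmpty()) {
            throw new IllegalArgumentException("no CA certificate supplied");
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Collection<? extends Certificate> cas = cf.generateCertificates(
                new ByteArrayInputStream(pem.getBytes(StandardCharsets.US_ASCII)));
        if (cas.isEmpty()) {
            throw new IllegalArgumentException("no certificate found in PEM");
        }
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);                 // empty in-memory store
        int i = 0;
        for (Certificate ca : cas) {
            trustStore.setCertificateEntry("vault-ca-" + i++, ca);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default RNG
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // VAULT_CA_CERT is a hypothetical variable holding the CA in PEM form.
        SSLContext ctx = contextFromPem(System.getenv("VAULT_CA_CERT"));
        String base = System.getenv("KUBERNETES_VAULT_URL"); // e.g. https://host:8200/v1/
        HttpsURLConnection conn =
                (HttpsURLConnection) URI.create(base + "sys/health").toURL().openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        // Hostname verification stays enabled; only the trust anchor changes.
        System.out.println("TLS handshake OK, HTTP " + conn.getResponseCode());
    }
}
```

Because hostname verification is left on, a certificate used with an IP-based URL must list that address in its subject alternative names, otherwise the handshake still fails.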