OpenIDC/mod_auth_openidc

SSL certificate problem: self signed certificate in certificate chain

mazbeh opened this issue · 4 comments

Hello guys,

This is maybe an old matter, but I am facing it and I don't know how to solve it.
I have two servers. On one of them runs an App that is secured behind apache as reverse proxy and on the other server runs keycloak as the authorization server.
Both of the servers are running under https and they use my CA certs, and I can access them without problem in the browser. But after logging in to the App (the user comes from the Keycloak server), I got the following error in the log of the server on which the App is running:

oidc_util_http_call: curl_easy_perform() failed on: https://keycloak.xxxx:8443/auth/realms/xxxx/protocol/openid-connect/token/introspect (SSL certificate problem: self signed certificate in certificate chain), referer: https://App.xxxx/x/admin/users

In the Apache config file (Apache runs as a Docker container) I have already set the following:
SSLProxyCACertificateFile "/keycloak-cabundle.pem"

and even:
OIDCSSLValidateServer Off !!!!!!

But I still get the same problem.

I am not sure if I am posting this topic in the right place, but it would be friendly if you could give me some tips ;)
Thanks a lot!

Hi mazbeh. Did you find a solution to your problem?

For token introspection (i.e. an OAuth 2.0 RS setup) there's a separate OIDCOAuthSSLValidateServer setting, though it is superseded by mod_oauth2 for that use case.
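
The distinction in the reply above, as an added example that is not part of the thread or of the project's code: it reads the failing URL from the log line, compares it with `OIDCOAuthIntrospectionEndpoint`, and reports which of the two validation directives governs that call and whether validation is still enforced. The host, realm, config and log line are constructed, and treating an unset directive as `On` is an assumption about the module's default.

```python
import re

# Directives read from the Apache config (names are case-insensitive in Apache).
WATCHED = {"oidcsslvalidateserver", "oidcoauthsslvalidateserver",
           "oidcoauthintrospectionendpoint"}
LOG_RE = re.compile(r"curl_easy_perform\(\) failed on: (?P<url>\S+) \((?P<err>[^)]*)\)")

# Constructed sample input (hypothetical host and realm), shaped like the report above.
SAMPLE_CONF = '''
SSLProxyCACertificateFile "/keycloak-cabundle.pem"
OIDCSSLValidateServer Off
OIDCOAuthIntrospectionEndpoint https://keycloak.example.test:8443/auth/realms/demo/protocol/openid-connect/token/introspect
'''
SAMPLE_LOG = ("oidc_util_http_call: curl_easy_perform() failed on: "
              "https://keycloak.example.test:8443/auth/realms/demo/protocol/"
              "openid-connect/token/introspect (SSL certificate problem: "
              "self signed certificate in certificate chain)")

def parse_settings(conf_text):
    """Return {lowercased directive: value}; the last occurrence wins."""
    settings = {}
    for line in conf_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#") and parts[0].lower() in WATCHED:
            settings[parts[0].lower()] = parts[1].strip().strip('"')
    return settings

def diagnose(log_line, conf_text):
    """Name the directive that governs the failed call and its effective value."""
    m = LOG_RE.search(log_line)
    if m is None:
        return None
    settings = parse_settings(conf_text)
    url = m.group("url")
    # Exact match on the configured endpoint; the path suffix is a fallback heuristic.
    introspection = (url == settings.get("oidcoauthintrospectionendpoint")
                     or url.rstrip("/").endswith("/introspect"))
    directive = "OIDCOAuthSSLValidateServer" if introspection else "OIDCSSLValidateServer"
    value = settings.get(directive.lower(), "On")  # unset is assumed to mean On
    return {"url": url, "curl_error": m.group("err"), "directive": directive,
            "effective": value, "validation_enforced": value.lower() != "off"}

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, SAMPLE_CONF))
```

On the sample input the introspection call is still validated although `OIDCSSLValidateServer` is `Off`, while a failure on any other endpoint would be reported with validation disabled.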

@zandbelt thanks a lot for your tips!!!
@marcstern yes, the error has been solved, thanks! Sorry, I had forgotten to let you know -_-