On MacOS, the cli container can't access a specific https address. Getting SSL handshake error. Any

U01LKKBK97T

On MacOS, the cli container can't access a specific https address. Getting SSL handshake error. Any idea?

Alberto Reyer

Maybe outdated SSL cipher suite on the server?

Do you access the https endpoint via curl or via php (through file handlers for example)?
Can the https endpoint be accessed in your browser? And via docker/sdk cli curl <endpoint>
You could also use docker/sdk cli openssl s_client -connect <endpoint>:443 -prexit -showcerts to see a more detailed view on why the SSL handshake is failing

U01LKKBK97T

Turns out it's due to an invalid certificate.
I imported the certificate on my host and made it trust it. But still, the docker container doesn't want to connect. Did I miss to restart something?

Alberto Reyer

Importing it on your host will not help in these case.
If you are using curl in PHP (e.g.: through guzzle) you can set those two parameters to ignore the SSL validation, please make sure to keep that for your local development only:

curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);

Alberto Reyer

(Background, docker is a linux system running on your host, on mac and windows it will not use the same certificate storage as your host system, on linux you could at least mount your certificates into docker. You could import the self signed certificate during the docker build process to make it available in your docker container. But to my knowledge there is no easy possibility to do so with the docker/sdk from Spryker)

U01LKKBK97T

Thx for clarification.