Hi guys, I want to configure our wildcard SSL certificate in local Docker env.... I replaced the def

giovanni.piemontese Spryker Solution Partner Posts: 871 🧑🏻‍🚀 - Cadet

Hi guys,
I want to configure our wildcard SSL certificate in the local Docker env.... I replaced the default.crt and default.key with our crt and key files... and adjusted some DN information in v3.ext, but when I run the bootstrap command I always get the following error:

Generating a RSA private key
............................+++++
..............................+++++
writing new private key to '/data/deployment/context/nginx/ssl/ssl.key'
-----
Signature ok
subject=C = US, OU = www.digicert.com, O = DigiCert Inc, CN = RapidSSL RSA CA 2018
Getting CA Private Key
C = US, OU = www.digicert.com, O = DigiCert Inc, CN = RapidSSL RSA CA 2018
error 20 at 0 depth lookup: unable to get local issuer certificate
Taking predefined CA certificate
Generating PFX file for CA to import on client side
Checking certificate chain
error /data/deployment/context/nginx/ssl/ssl.crt: verification failed

Did I just miss/forget something?! Any help would be appreciated.. thanks!

Comments

  • sprymiker Sprykee Posts: 781 🧑🏻‍🚀 - Cadet

    Hello Giovanni,

    What problem do you solve?

  • giovanni.piemontese Spryker Solution Partner Posts: 871 🧑🏻‍🚀 - Cadet

    Hi Mike, we just want to use our own SSL certificate for our Docker instance... and not the Spryker one...

  • sprymiker Sprykee Posts: 781 🧑🏻‍🚀 - Cadet
    edited June 2020

    Hi Giovanni,
    Sorry for the delay - a lot of work these last days.

    1. It would be interesting to see the changes you've applied.
    2. It would be good to see the solution if you have the final one already.
    3. Would you be able to give the background of the issue and acceptance criteria for the solution for us to implement in docker/sdk?
  • giovanni.piemontese Spryker Solution Partner Posts: 871 🧑🏻‍🚀 - Cadet

    Hi Mike,
    no problem 😉

    As already described, I just wanted to run our local Docker env with SSL but with our own wildcard SSL certificate...

    I replaced the crt and key files under docker/generator/openssl and changed the information in v3.ext, but something is not working properly... the verification failed..

    I'm writing in the channel in case there is maybe documentation on how to do this or what we have to take care of...

  • sprymiker Sprykee Posts: 781 🧑🏻‍🚀 - Cadet

    The certificate you've replaced is the CA certificate. And I assume that you've replaced it with an SSL certificate, which should be wrong.

  • sprymiker Sprykee Posts: 781 🧑🏻‍🚀 - Cadet

    So if you have your own SSL certificate - just replace generate.sh with a script that copies them as "${DESTINATION}/ssl.crt" && "${DESTINATION}/ssl.key"

  • sprymiker Sprykee Posts: 781 🧑🏻‍🚀 - Cadet
    edited June 2020

    As a summary, I would propose the changes in docker/sdk:

    deploy.yml

    docker:
        ssl:
            enabled: true
            certificates:
                - mypath/ssl.crt
                - mypath/ssl.key

    We will consider putting such changes in our backlog.

  • sprymiker Sprykee Posts: 781 🧑🏻‍🚀 - Cadet

    @UPZH5HHEV Please, note the case. Thank you very much.
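
The copy step suggested above as a replacement for generate.sh, written out as an added example that is not part of the thread or of docker/sdk: before copying, it rejects a CA certificate (the mix-up diagnosed in the thread) and a key that does not belong to the certificate. The function name `install_own_cert`, its three arguments and its return codes are assumptions; only the target names `ssl.crt` and `ssl.key` under the destination directory come from the thread.

```shell
#!/bin/sh
# Added example (hypothetical helper): install an existing certificate/key
# pair instead of generating one.
# Usage: install_own_cert CRT KEY DESTINATION
# Returns: 0 ok, 2 unreadable/invalid input, 3 CA certificate, 4 key mismatch
install_own_cert() {
    crt=$1; key=$2; dest=$3

    # Inputs must exist before openssl is asked anything.
    [ -r "$crt" ] && [ -r "$key" ] && [ -d "$dest" ] || return 2

    # A server certificate must not carry basicConstraints CA:TRUE.
    # Putting a CA certificate here is the mistake described in the thread.
    if openssl x509 -in "$crt" -noout -text 2>/dev/null | grep -q 'CA:TRUE'; then
        echo "refusing $crt: it is a CA certificate, not a server certificate" >&2
        return 3
    fi

    # The key belongs to the certificate only if both yield the same public key.
    # "-passin pass:" makes an encrypted key fail instead of prompting.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || return 2
    if [ "$crt_pub" != "$key_pub" ]; then
        echo "refusing $key: it does not match $crt" >&2
        return 4
    fi

    cp "$crt" "$dest/ssl.crt" || return 2
    cp "$key" "$dest/ssl.key" || return 2
    # Assumption: the process that reads the key runs as the file's owner.
    chmod 600 "$dest/ssl.key"
}

# Run only when called as a script with all three arguments.
if [ "$#" -eq 3 ]; then
    install_own_cert "$@"
fi
```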