Custom CA root certificate support #5294

Closed
ed-at-work opened this issue Dec 4, 2019 · 0 comments · Fixed by #5295
Labels
bug This issue is a bug. in-progress This issue is being actively worked on. needs-triage This issue or PR still needs to be triaged. package/tools Related to AWS CDK Tools or CLI

Comments

@ed-at-work
Contributor

Many large companies force developers to connect to services like AWS through an SSL proxy. Command line programs like the CDK won't be able to connect to AWS without establishing trust with the proxy certificates.

Several folks have created issues recently in the JS SDK describing issues with the CDK, JS SDK, and transparent SSL proxies:

aws/aws-sdk-js#2902
aws/aws-sdk-js#2970

Issue #2902 was migrated from the CDK repository.

I have a PR ready that provides support for specifying a custom CA root certificate via two mechanisms: as a command line option --ca-bundle-path or as an environment variable AWS_CA_BUNDLE.

Reproduction Steps

In order to reproduce, you will need a transparent HTTPS proxy that generates certificates on-the-fly using a custom CA. You can mimic this yourself using the open source mitmproxy software.

Error Log

See the example error in aws/aws-sdk-js#2902

Environment

  • CLI Version: master
  • Framework Version: master
  • OS: macOS
  • Language: javascript

This is 🐛 Bug Report
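
One way a Node.js CLI can honor the --ca-bundle-path option or the AWS_CA_BUNDLE variable described in the issue above while leaving certificate verification on. This is an added example, not code from the CDK or from the PR that fixed the issue; the function names, the option-over-environment precedence, and the CA-only check are assumptions of the example.

```javascript
// Added example, not the CDK's implementation.
const fs = require('node:fs');
const https = require('node:https');
const tls = require('node:tls');
const { X509Certificate } = require('node:crypto');

const PEM_CERT = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;

// Assumption: an explicit --ca-bundle-path value wins over AWS_CA_BUNDLE.
function resolveCaBundlePath(cliOption, env = process.env) {
  return cliOption || env.AWS_CA_BUNDLE || undefined;
}

// Return the PEM certificates in a bundle file. Rejects files that carry
// private keys, hold no certificates, or contain a block that is not a
// parseable X.509 CA certificate (the CA-only rule is this example's choice).
function loadCaBundle(bundlePath) {
  const text = fs.readFileSync(bundlePath, 'utf8');
  if (/-----BEGIN [A-Z ]*PRIVATE KEY-----/.test(text)) {
    throw new Error(`${bundlePath}: private key found; a trust bundle holds certificates only`);
  }
  const blocks = text.match(PEM_CERT) || [];
  if (blocks.length === 0) throw new Error(`${bundlePath}: no PEM certificates found`);
  blocks.forEach((pem, i) => {
    let cert;
    try {
      cert = new X509Certificate(pem);
    } catch (err) {
      throw new Error(`${bundlePath}: certificate #${i + 1} does not parse: ${err.message}`);
    }
    if (!cert.ca) throw new Error(`${bundlePath}: certificate #${i + 1} is not a CA certificate`);
  });
  return blocks;
}

// TLS options for outgoing requests. Passing `ca` replaces Node's default
// trust store, so the bundled public roots are kept alongside the custom CA.
// Verification stays on: the proxy's CA is trusted, checks are not disabled.
function tlsOptions(cliOption, env = process.env) {
  const bundlePath = resolveCaBundlePath(cliOption, env);
  if (!bundlePath) return {};
  const ca = [...tls.rootCertificates, ...loadCaBundle(bundlePath)];
  return { ca, rejectUnauthorized: true };
}

function buildAgent(cliOption, env = process.env) {
  return new https.Agent(tlsOptions(cliOption, env));
}
```

The agent returned by buildAgent can be passed to the AWS SDK for JavaScript (v2) through its httpOptions.agent setting.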

@ed-at-work ed-at-work added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Dec 4, 2019
@SomayaB SomayaB added in-progress This issue is being actively worked on. @aws-cdk/aws-certificatemanager Related to Amazon Certificate Manager labels Dec 4, 2019
@rix0rrr rix0rrr added package/tools Related to AWS CDK Tools or CLI and removed @aws-cdk/aws-certificatemanager Related to Amazon Certificate Manager labels Dec 12, 2019
@rix0rrr rix0rrr assigned shivlaks and unassigned rix0rrr Dec 12, 2019
rix0rrr pushed a commit that referenced this issue Dec 20, 2019
Some large orgs enforce HTTPS proxies to communicate with services, which means they often have internal certificate authorities that generate leaf certificates on the fly. This commit adds basic support for specifying a root CA certificate for trust.

Fixes #5294