You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am running a Trino cluster in k8s. It has a self signed certificate, whenever I am adding a backend I am getting below error. Please point me to correct direction for a fix.
curl: (60) SSL certificate problem: self-signed certificate in certificate chain
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
If I am trying to curl my Trino cluster from Trino gateway pod curl https://mytrino.com/v1/info fails
but curl -k https://mytrino.com/v1/info 200 ok
Is there way to control curl -k via config.
Thanks
Any help is appreciated
The text was updated successfully, but these errors were encountered:
@Nexengineer One option I can think of is by adding the self-signed certificate CA to default Java keystore(JAVA_HOME/jre/lib/security/cacerts) or system truststore in the pod.
@avinashdesireddy I was able to resolve it by creating a custom image details are attached below
FROM trinodb/trine-gateway:8
RUN mkdir -p /etc/pki/ca-trust/extracted/pem/ && \
mkdir -p /etc/pki/ca-trust/extracted/openssl/
USER root
RUN mkdir -p /tmp/certs
WORKDIR /tmp/app
COPY ca.pem /tmp/app/ca.pem
# For health using curl
RUN cat /tmp/app/ca.pem >> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
RUN cat /tmp/app/ca.pem >> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
# For calling actual enviroment
COPY ca.cer $JAVA_HOME/lib/security
RUN \
cd $JAVA_HOME/lib/security \
&& keytool -keystore cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias ldapcert -file ca.cer
Hi,
I am running a Trino cluster in k8s. It has a self signed certificate, whenever I am adding a backend I am getting below error. Please point me to correct direction for a fix.
If I am trying to curl my Trino cluster from Trino gateway pod
curl https://mytrino.com/v1/info
failsbut
curl -k https://mytrino.com/v1/info
200 okIs there way to control
curl -k
via config.Thanks
Any help is appreciated
The text was updated successfully, but these errors were encountered: