Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SSL certificate verification issue #127

Closed
discobean opened this issue Jul 12, 2016 · 6 comments
Closed

SSL certificate verification issue #127

discobean opened this issue Jul 12, 2016 · 6 comments
Labels

Comments

@discobean
Copy link

discobean commented Jul 12, 2016

Hi,

The endpoint of my backend is like so: https://1.2.3.4

And whenever I request this I get an error:
2016/07/12 16:56:22 http: proxy error: x509: cannot validate certificate for 10.90.12.10 because it doesn't contain any IP SANs

I know this is because the cert verification issue. (The server does not have a cert for 1.2.3.4, but has one for mydomain.com)

Is there some way I can pass in a hostname, or use the hostname that the client requested (mydomain.com) when passing the request to the backend? Alternatively, is there a way to disable the verification of the cert (prefer not to)?

Both the fabio server and the backend are using the same server certificate.

@magiconair
Copy link
Contributor

You should be able to register your service under https://mydomain.com as long as fabio can resolve that name to 1.2.3.4. From your setup I'm assuming that you are forwarding to an HTTPS backend. I've never tested that.

@discobean
Copy link
Author

Yes that is correct, if the service is registered under the domain using HTTPS the problem goes away.

The SSL certificate and site responds to just one domain (mydomain.com) and doesn't work against the hostname of the server (site just redirects to mydomain.com). This is a problem when there is more than 1 backend.

I was looking for a workaround, maybe the solution is an option to ignore SSL verification.

@discobean
Copy link
Author

I think this could also be solved with issue #1 being implemented, and just use TCP with passthrough direct to the backend

@magiconair
Copy link
Contributor

Yes, #1 will fix that.

@magiconair
Copy link
Contributor

@discobean #1 has bee merged to master and is in 1.3. Can we close this one?

@discobean
Copy link
Author

Closing it now, thanks so much!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants