New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tls-config node local file issue #4574
Comments
Please complete the final section of the template and provide all the version information. |
Out of interest why do you need to set a CA certificate file if you have "verify server certificate" unchecked? With that unchecked you are saying you don't care about verifying the server cert so there is no need to provide a CA cert to check it against. Not saying we shouldn't look at this, just trying to understand what you are trying to achieve here. |
It is a work around to make it function. The only reason we found the work around is because it is the only work around that works for Docker. A restart does not fix the issue with Docker. |
If you uncheck the "Use keys and certs from local files" and "Verify server certificate" does it work (it should because it shouldn't verify the server cert at all) |
Also since this is running in docker, have you actually mounted the file to |
Please also include the container logs from a restart that shows the problem. And the full |
I did not pick up on that in your first comment. Yes, it does work. This was done 2 or so years ago in V2.2.2 and I'm not sure how it ended up with a CA cert it did not need and unchecked "Verify server certificate". It never appeared to be an issue until the flow was used in the Docker container. |
Just to be clear did you change the flow at all when you moved it to the docker container? You can't just copy/paste a flow into a Node-RED instance running in Docker if it depends on external files and expect it to just work. |
To be clear we changed certificates along the way (I believe we changed from self-signed to a well known CA). I no longer require api.pem. It looks like instead of deleting api.pem "Verify server certificate" was just unchecked. My project is now working fine with no check marks on "Use key and certificates from local files" & "Verify server certificate". I can close this issue out however it seems like there may be a case where it doesn't work as designed. The certificate api.pem was being created by a flow using "Certificate Grabber" to an accessible location for the container. It was receiving and writing api.pem & it was a valid certificate. Non-docker - With a check mark by "Use key and certificates from local files" and no check mark by "Verify server certificate" after a deploy each HTTP request would result in "RequestError: unable to verify the first certificate" then it would work with no errors after a restart. Docker - With a check mark by "Use key and certificates from local files" and no check mark by "Verify server certificate" after a deploy each HTTP request would result in "RequestError: unable to verify the first certificate". It would continue to error even after a restart of the container. It would not error if someone checked then unchecked "Verify server certificate" and deployed. |
Current Behavior
When TLS is enabled and the "Use key and cert from local files" is checked and deployed the node will error with "RequestError: unable to verify the first certificate"
This error will continue until node-red is restarted and then it will function fine. The other work around is check the box "Verify server certificate" deploy then uncheck the box "Verify server certificate" and deploy.
Using a node-red in a Docker container a restart does not fix it. The only way to get it to work is check the box "Verify server certificate" deploy then uncheck the box "Verify server certificate" and deploy. This is an issue because any restart will cause it not to work.
Curl works fine.
Expected Behavior
No response
Steps To Reproduce
No response
Example flow
The text was updated successfully, but these errors were encountered: