I'm running a Step CA in the provided Docker container. I've got it set up with an ACME provisioner, which I'm using with cert-manager to issue certificates for Ingress objects exposing services in my Kubernetes cluster.
I was trying to add an OIDC provisioner to issue SSH certificates. My SSO provider is a Keycloak install in my Kubernetes environment.
I had initially not set up HTTPS for Keycloak and ran into this problem.
So I used cert-manager to add a Step CA-issued certificate to the Keycloak ingress. This works just fine from my browser and other tools where I have imported the Step CA root certificate, but when I try to add the OIDC provider again, I get errors like this in the logs:
time="2024-06-29T09:44:38Z" level=error duration=79.061144ms duration-ns=79061144 error="error initializing provisioner keycloak: failed to connect to https://keycloak.k8s.loc/realms/FlowFuse/.well-known/openid-configuration: Get \"https://keycloak.k8s.loc/realms/FlowFuse/.well-known/openid-configuration\": tls: failed to verify certificate: x509: certificate signed by unknown authority" fields.time="2024-06-29T09:44:38Z" method=PUT name=ca path=/admin/provisioners/keycloak protocol=HTTP/2.0 referer= remote-address=192.168.1.111 request-id=fa8127d1-02c0-4f18-a6c4-55d91f37d46a response="{\"type\":\"internalServerError\",\"detail\":\"the server experienced an internal error\",\"message\":\"error initializing provisioner keycloak: failed to connect to https://keycloak.k8s.loc/realms/FlowFuse/.well-known/openid-configuration: Get \\\"https://keycloak.k8s.loc/realms/FlowFuse/.well-known/openid-configuration\\\": tls: failed to verify certificate: x509: certificate signed by unknown authority\"}" size=396 status=500 user-agent="Smallstep CLI/0.21.0 (linux/amd64)" user-id=
This implies that the step-ca instance doesn't trust certificates it issued.
How do I fix this?