envoyproxy/gateway

docs: TLS Passthrough - SSL Certificate Issue

Open

#5.630 geöffnet am 28. März 2025

Auf GitHub ansehen
 (1 Kommentar) (0 Reaktionen) (0 zugewiesene Personen)Go (802 Forks)auto 404
documentationgood first issuehelp wantedtriage

Repository-Metriken

Stars
 (2.871 Stars)
PR-Merge-Metriken
 (PR-Metriken ausstehend)

Beschreibung

Description: Encountering the following error in the TLS passthrough doc while trying to query the example app through the gateway

curl -v -HHost:passthrough.example.com --resolve "passthrough.example.com:6443:${GATEWAY_HOST}" \
--cacert example.com.crt https://passthrough.example.com:6443/get

* Added passthrough.example.com:6443:127.0.0.1 to DNS cache
* Hostname passthrough.example.com was found in DNS cache
*   Trying 127.0.0.1:6443...
* Connected to passthrough.example.com (127.0.0.1) port 6443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: example.com.crt
*  CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Request CERT (13):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

Page: https://gateway.envoyproxy.io/docs/tasks/security/tls-passthrough/

Contributor Guide