envoyproxy/gateway

docs: TLS Passthrough - SSL Certificate Issue

Open

#5.630 aberto em 28 de mar. de 2025

Ver no GitHub
 (1 comment) (0 reactions) (0 assignees)Go (802 forks)auto 404
documentationgood first issuehelp wantedtriage

Métricas do repositório

Stars
 (2.871 stars)
Métricas de merge de PR
 (Métricas PR pendentes)

Description

Description: Encountering the following error in the TLS passthrough doc while trying to query the example app through the gateway

curl -v -HHost:passthrough.example.com --resolve "passthrough.example.com:6443:${GATEWAY_HOST}" \
--cacert example.com.crt https://passthrough.example.com:6443/get

* Added passthrough.example.com:6443:127.0.0.1 to DNS cache
* Hostname passthrough.example.com was found in DNS cache
*   Trying 127.0.0.1:6443...
* Connected to passthrough.example.com (127.0.0.1) port 6443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: example.com.crt
*  CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Request CERT (13):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

Page: https://gateway.envoyproxy.io/docs/tasks/security/tls-passthrough/

Guia do colaborador