Local root certificates in Docker for HTTPS webhooks

Added by Bob Jones about 2 years ago

When using an Nginx HTTPS reverse proxy with a self-signed root certificate chain, webhooks error with:

SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)

Using https://webhook.site/ for testing, everything works correctly due to valid root CAs.

Using https://github.com/webhooksite/webhook.site for local testing behind the proxy using HTTP, everything works correctly without SSL/TLS.

When testing from the web container using curl -X POST https://webhook.example.com/abc123, it fails due to invalid certificates. I therefore added the local root certificate via update-ca-certificates and the curl command now works, but webhooks still fail.

Therefore, I think that the REST API is not using /etc/ssl/certs/ as the certificate store when the webhooks are sent. Is there a method for including a local root certificate into the container that Ruby will use when sending webhooks?

FYI, I've had a look around ./rest-client-2.1.0/lib/restclient/request.rb and found "# If there's no CA file, CA path, or cert store provided, use default", but not where I can effect a change or identify the defaults.


Replies (1)

RE: Local root certificates in Docker for HTTPS webhooks - Added by Dan Medesan-Epos about 1 year ago

I am having the same problem, but with the package installation (Ubuntu 22).

Tried to reproduce with a small Ruby script and rest-client import, but the certificate was accepted.

Our CA and WebService certificates were imported with update-ca-certificates.

Is the OpenSSL store not initialized, maybe?

For SMTP there is an option OPENPROJECT_SMTP__OPENSSL__VERIFY__MODE (default="peer"); should webhooks not have a similar option?

I ended up adding an HTTP binding to our web server.
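
A diagnostic sketch for the question raised in both posts, added here as an example and not taken from the thread or from OpenProject's code: it reports the CA file and directory that Ruby's OpenSSL binding consults by default, and reproduces the "unable to get local issuer certificate" result with a constructed root and leaf certificate, before and after the root is added to the store. The certificate names and helper functions are constructed for illustration; whether the webhook client actually uses this default store is not established in the thread.

```ruby
require "openssl"

# CA file and directory this Ruby's OpenSSL consults when a client calls
# set_default_paths; SSL_CERT_FILE / SSL_CERT_DIR override the built-in values.
def default_trust_paths
  { file: ENV[OpenSSL::X509::DEFAULT_CERT_FILE_ENV] || OpenSSL::X509::DEFAULT_CERT_FILE,
    dir:  ENV[OpenSSL::X509::DEFAULT_CERT_DIR_ENV]  || OpenSSL::X509::DEFAULT_CERT_DIR }
end

# Build a short-lived certificate; self-signed (CA:TRUE) when no issuer is given.
def make_cert(subject, key, serial, issuer: nil, issuer_key: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ext = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ext.create_extension("basicConstraints", issuer ? "CA:FALSE" : "CA:TRUE", true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Verify a leaf against the default store, then again once the private root is
# trusted. Each attempt is reported as [ok, error_code, error_string].
def verify_before_and_after(root, leaf)
  store = OpenSSL::X509::Store.new
  store.set_default_paths
  before = [store.verify(leaf), store.error, store.error_string]
  store.add_cert(root)
  after = [store.verify(leaf), store.error, store.error_string]
  { before: before, after: after }
end

# Constructed sample data: a private root and a leaf for webhook.example.com.
def constructed_chain
  root_key = OpenSSL::PKey::RSA.new(2048)
  leaf_key = OpenSSL::PKey::RSA.new(2048)
  root = make_cert("/CN=Constructed Local Root", root_key, 1)
  leaf = make_cert("/CN=webhook.example.com", leaf_key, 2, issuer: root, issuer_key: root_key)
  [root, leaf]
end

if __FILE__ == $PROGRAM_NAME
  puts default_trust_paths
  puts verify_before_and_after(*constructed_chain)
end
```

The default paths are compiled into the OpenSSL library that Ruby is linked against, so run this with the same Ruby that runs the application rather than a system Ruby.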
