Added by Bob Jones almost 4 years ago
When using an Nginx HTTPS reverse proxy with self-signed root certificate chain, webhooks error with:
SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)
Using https://webhook.site/ for testing, everything works correctly due to valid Root CA's.
Using https://github.com/webhooksite/webhook.site for local testing behind the proxy using HTTP, everything works correctly without SSL/TLS.
When testing from the web container using curl -X POST https://webhook.example.com/abc123, it fails due to invalid certificates, therefore added local root certificate via update-ca-certificates and the curl command now works, webhooks still fail.
Therefore, I think that REST API is not using /etc/ssl/certs/ as the certificate store when the webhooks are sent. Is there a method for including a local root certificate into the container that Ruby will use when sending webhooks?
FYI, I've had a look around ./rest-client-2.1.0/lib/restclient/request.rb and found # If there's no CA file, CA path, or cert store provided, use default, but not where I can affect a change or identify the defaults.
Replies (1)
I am having same problem, but with package installation (Ubuntu 22)
Tried to reproduce with a small ruby script and rest-client import, but the certificate was accepted.
Our CA and WebService certificates where imported with
update-ca-certificates.Is the OpenSSL Store not initialized maybe ?
For STMP there is a option
OPENPROJECT_SMTP__OPENSSL__VERIFY__MODE (default="peer"), should not have webhooks a similar option ??I ended up adding a http bindung to our webserver.