Top Menu

Jump to content
Home
    Modules
      • Projects
      • Activity
      • Work packages
      • Gantt charts
      • Calendars
      • Team planners
      • Boards
      • News
    • Getting started
    • Introduction video
      Welcome to OpenProject Community
      Get a quick overview of project management and team collaboration with OpenProject. You can restart this video from the help menu.
    • Help and support
    • User guides
    • Videos
    • Shortcuts
    • Community forum
    • Enterprise support
    • Additional resources
    • Data privacy and security policy
    • Digital accessibility (DE)
    • OpenProject website
    • Security alerts / Newsletter
    • OpenProject blog
    • Release notes
    • Report a bug
    • Development roadmap
    • Add and edit translations
    • API documentation
  • Sign in
      Forgot your password?

      or sign in with your existing account

      Google

Side Menu

  • Overview
  • Activity
    Activity
  • Roadmap
  • Work packages
    Work packages
  • Gantt charts
    Gantt charts
  • Calendars
    Calendars
  • Team planners
    Team planners
  • Boards
    Boards
  • News
  • Forums
  • Feature tour
    Feature tour

Content

You are here:
  1. Forums
  2. General discussion

Local root certificates in Docker for HTTPS webhooks

Added by Bob Jones over 3 years ago

When using an Nginx HTTPS reverse proxy with self-signed root certificate chain, webhooks error with:

SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)

Using https://webhook.site/ for testing, everything works correctly due to valid Root CA's.

Using https://github.com/webhooksite/webhook.site for local testing behind the proxy using HTTP, everything works correctly without SSL/TLS.

When testing from the web container using curl -X POST https://webhook.example.com/abc123, it fails due to invalid certificates, therefore added local root certificate via update-ca-certificates and the curl command now works, webhooks still fail.

Therefore, I think that REST API is not using /etc/ssl/certs/ as the certificate store when the webhooks are sent. Is there a method for including a local root certificate into the container that Ruby will use when sending webhooks?

FYI, I've had a look around ./rest-client-2.1.0/lib/restclient/request.rb and found # If there's no CA file, CA path, or cert store provided, use default, but not where I can affect a change or identify the defaults.


Replies (1)

RE: Local root certificates in Docker for HTTPS webhooks - Added by Dan Medesan-Epos about 2 years ago

I am having same problem, but with package installation (Ubuntu 22)

Tried to reproduce with a small ruby script and rest-client import, but the certificate was accepted.

Our CA and WebService certificates where imported with update-ca-certificates.

Is the OpenSSL Store not initialized maybe ?

For STMP there is a option OPENPROJECT_SMTP__OPENSSL__VERIFY__MODE (default="peer"), should not have webhooks a similar option ??

I ended up adding a http bindung to our webserver.

  • (1 - 1/1)
Loading...