Hey guys I successfully setup TLS HTTPS support on the quick Ory Community #talk-kratos

Hey guys, I successfully setup TLS/HTTPS support o...

clean-glass-46254

12/18/2021, 12:31 AM

Hey guys, I successfully setup TLS/HTTPS support on the quickstart kratos, and authentication and HTTPS authentication calls work through the browser and they work from the node sample app, but they don't work through curl... this is what i see when I curl the https public api endpoint:

Copy code

curl -v -s -X GET -H "Accept: application/json" https://***/self-service/login/browser
*  Trying **.***.**.***...
* TCP_NODELAY set
* Connected to *** (**.***.**.***) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/cert.pem
 CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, certificate expired (557):
* SSL certificate problem: certificate has expired
* Closing connection 0

is it caching? or is there another step where I have to set a certificate some where else? is /etc/ssl/cert.pem in the docker container or is it on my local machine that's making the curl request? Also, I should mention that http works fine and as expected, it's only https with curl.

proud-plumber-24205

12/20/2021, 7:02 PM

@clean-glass-46254 try setting

--insecure

flag on the curl command

clean-glass-46254

12/21/2021, 5:25 AM

$ curl -v -s -X -k --insecure GET -H "Accept: application/json" <https://***/self-service/login/browser>

* Could not resolve host: GET

* Closing connection 0

* Trying *...

* TCP_NODELAY set

* Connected to * (**.*.**.*) port 443 (#1)

* ALPN, offering h2

* ALPN, offering http/1.1

* successfully set certificate verify locations:

* CAfile: /etc/ssl/cert.pem

CApath: none

* TLSv1.2 (OUT), TLS handshake, Client hello (1):

* TLSv1.2 (IN), TLS handshake, Server hello (2):

* TLSv1.2 (IN), TLS handshake, Certificate (11):

* TLSv1.2 (IN), TLS handshake, Server key exchange (12):

* TLSv1.2 (IN), TLS handshake, Server finished (14):

* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):

* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):

* TLSv1.2 (OUT), TLS handshake, Finished (20):

* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):

* TLSv1.2 (IN), TLS handshake, Finished (20):

* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384

* ALPN, server accepted to use http/1.1

* Server certificate:

* subject: CN=*

* start date: Dec 15 080943 2021 GMT

* expire date: Mar 15 080942 2022 GMT

* issuer: C=US; O=Let's Encrypt; CN=R3

* SSL certificate verify result: certificate has expired (10), continuing anyway.

> -k /self-service/login/browser HTTP/1.1

> Host: *

> User-Agent: curl/7.64.1

> Accept: application/json

>

< HTTP/1.1 400 Bad Request

< Server: nginx/1.20.0

< Date: Tue, 21 Dec 2021 052127 GMT

< Content-Type: text/html

< Content-Length: 157

< Connection: close

<

<html>

<head><title>400 Bad Request</title></head>

<body>

<center><h1>400 Bad Request</h1></center>

<hr><center>nginx/1.20.0</center>

</body>

</html>

* Closing connection 1

* TLSv1.2 (OUT), TLS alert, close notify (256):

clean-glass-46254

12/21/2021, 5:25 AM

still not showing anything

clean-glass-46254

12/21/2021, 5:25 AM

or not showing a correct json output

37 Views

Open in Slack

Previous Next