You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Sometimes, especially on slower hardware in the snap distribution of EdgeX, Kong will not pick up the SNIs setting that we use to specify what certificates Kong should serve for which routes.
Kong uses the certificates uploaded to it with the SNIs objects to determine what ssl certs to serve when presented with a given request. The Host parameter that the client request has is used as what SNI to use with the response, meaning that AFAICT we need to define the SNIs for the certificate that is uploaded to Kong from edgexproxy. See:
Sometimes, especially on slower hardware in the snap distribution of EdgeX, Kong will not pick up the SNIs setting that we use to specify what certificates Kong should serve for which routes.
Kong uses the certificates uploaded to it with the SNIs objects to determine what ssl certs to serve when presented with a given request. The Host parameter that the client request has is used as what SNI to use with the response, meaning that AFAICT we need to define the SNIs for the certificate that is uploaded to Kong from edgexproxy. See:
security-api-gateway/core/certs.go
Lines 33 to 41 in e8f7d75
From the Admin API docs for Kong @ https://docs.konghq.com/1.0.x/admin-api/#certificate-object specifying the
"snis"key in the object we upload to the/certificatesendpoint is supposed to be sufficient for this, however sometimes it seems that the SNIs parameter is ignored. This seems to be a common problem with Kong upstream, see for example Kong/kong#4235 and Kong/kong#3610 and Kong/kong#4069My proposed fix that I have confirmed seems to be more reliable than using the multipart form is to use JSON in the body post