This repository has been archived by the owner on Mar 27, 2019. It is now read-only.

vault-ui login does not work error as unable to verify first certificate #254

Open
ssubramanian123 opened this issue Jul 25, 2018 · 3 comments

Comments

@ssubramanian123

Hi,

I have used the chart provided in this repo to install vaultui. I configured my vault endpoint and deployed the chart. Vaultui is up, but when I try to log in with a token it says Error: Error: unable to verify the first certificate.

Please find the screenshot below; also, I don't see any log in the pod.

screen shot 2018-07-25 at 9 15 51 am

pod log

kubectl logs vaultui-vault-ui-7957b5cc56-sqfkx  -n vault -f
yarn run v1.6.0
$ node ./server.js start_app
Vault UI listening on: 8000

Can anyone help me with what I am missing?

@Nowaker

Nowaker commented Aug 17, 2018

@soapergem

I'm running into this exact same problem. The docs are in no way helpful in this case. The docs are terrible.

Here's my situation: I have a root certificate as a PEM file, meaning it looks something like this:

-----BEGIN CERTIFICATE-----
Eighteen
Lines
Of
Base64
Encoded
Data
...
-----END CERTIFICATE-----

But I honestly have no idea how to properly include that certificate file. The docs you linked to essentially say two things about it:

  1. ...parameters must be configured by clicking on the configuration cog... Using environment variables (via docker), an administrator can pre-configure those parameters.
  2. CUSTOM_CA_CERT Pass a self-signed certificate that the system should trust.

So my first thought is, okay, great, I'll just click on the cog. Except there are no options when you click on the cog to add a certificate. The only options there are "Vault Server URL," "Login Method," and "Auth backend path." Nothing about adding certificates.

So, okay, I guess I'll use the environment variables after all. But how? Do I call it with -e "CUSTOM_CA_CERT=/user/home/mycert.pem"? I'm guessing not, because you can't just add a file to a Docker container like that... it's isolated so doesn't have access to my system. So do I pass the contents of the file as a string? Something like -e "CUSTOM_CA_CERT=EighteenLinesOfBase64EncodedData..."? Long story short, neither of those work. The docs really need to specify what, specifically, we pass in as a value for CUSTOM_CA_CERT and give an example. And they should be updated to say that the certificates cannot be configured via the cog button.

With all that said, what is the proper way to get this working?

@OOPMan

OOPMan commented Oct 11, 2018

@soapergem I just ran into this issue myself. The CUSTOM_CA_CERT option does nothing, neither does adding my CA to the trust store. It seems the only option right now is to use NODE_TLS_REJECT_UNAUTHORIZED and set it to 0.

Unfortunately, this is quite frustrating especially when you add it to the issue that Vault-UI can't be run in TLS mode easily.
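
The path-or-contents question and the NODE_TLS_REJECT_UNAUTHORIZED=0 workaround raised in this thread, as an added example of how a Node.js client can trust a private root CA while keeping certificate verification on. This is not vault-ui's code and not from any participant; how vault-ui actually reads CUSTOM_CA_CERT is not shown on this page, and the function names `loadCaPem` and `buildTlsOptions` are hypothetical.

```javascript
// Added example: not vault-ui code. Accepts a CA given either as a file path
// or as inline PEM and builds TLS options that keep verification enabled.
const fs = require('fs');
const tls = require('tls');

const PEM_RE = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;

// value: assumed env-var content, either a path to a PEM file or the PEM text
// itself (often with literal "\n" sequences when passed via `docker run -e`).
function loadCaPem(value) {
  if (!value) return [];
  const text = value.includes('-----BEGIN')
    ? value.replace(/\\n/g, '\n')       // restore real line breaks
    : fs.readFileSync(value, 'utf8');   // path must exist inside the container
  const certs = text.match(PEM_RE);
  if (!certs) throw new Error('no PEM certificate found in CA value');
  return certs;
}

// Returns options usable with https.request() or new https.Agent().
function buildTlsOptions(env) {
  // Setting this variable to 0 turns off all certificate checks process-wide,
  // so refuse to start instead of silently running unverified.
  if (env.NODE_TLS_REJECT_UNAUTHORIZED === '0') {
    throw new Error('NODE_TLS_REJECT_UNAUTHORIZED=0 disables certificate checks');
  }
  const extra = loadCaPem(env.CUSTOM_CA_CERT);
  // Node verifies against its bundled root list, not the OS trust store, and a
  // `ca` option replaces that list, so append the private root to it.
  // (NODE_EXTRA_CA_CERTS, a file path read at process start, is the built-in
  // way to do the same without code changes.)
  return { ca: [...tls.rootCertificates, ...extra], rejectUnauthorized: true };
}
```
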
