These are chat archives for spring-cloud/spring-cloud
@dsyer Hi Dave. I am running a Spring Cloud Config Server configured to use a self-signed SSL certificate. When I configured my Spring Boot Authorization Server (not Spring Cloud's UAA) to use this config server, I got the following error:
2018-01-30_13:29:16.349 INFO org.springframework.cloud.config.client.ConfigServicePropertySourceLocator locate - Fetching config from server at: https://localhost:8888
2018-01-30_13:29:17.084 WARN org.springframework.cloud.config.client.ConfigServicePropertySourceLocator locate - Could not locate PropertySource: I/O error on GET request for "https://localhost:8888/immport-auth-server/test": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
So I searched the web for a resolution and found a couple of issues that are now closed. The issue at spring-cloud/spring-cloud-config#148 suggests configuring Git with "git config --global http.sslVerify false", but that did not seem to make a difference. The solution suggested at spring-cloud/spring-cloud-config#499 doesn't work for me either because my config server is not always deployed on localhost.
I get around this problem in my own code by using a ClientHttpRequestFactory configured to ignore SSL hostname errors (HttpComponentsClientHttpRequestFactory implementation).
I noticed that method getSecureRestTemplate at https://github.com/spring-cloud/spring-cloud-config/blob/master/spring-cloud-config-client/src/main/java/org/springframework/cloud/config/client/ConfigServicePropertySourceLocator.java uses the SimpleClientHttpRequestFactory implementation.
Would it be possible to add a property to ConfigClientProperties to ignore SSL errors or somehow provide a way for people to inject their own RestTemplate instance or ClientHttpRequestFactory instance in order to get around this problem?
Thanks in advance for your help.