Custom Certificate for OpenId / urllib3? #3092

Open
akloster opened this issue Dec 4, 2022 · 1 comment
Labels
stale For marking issues as stale. Labeled issues will be closed soon if label is not removed.


akloster commented Dec 4, 2022

I'm trying to get Kinto to run in a development setup with Docker, OpenID (Authentik for now) and behind SSL. However, that requires the Kinto application running in the container to trust the SSL certificate of the OpenID provider, which is self-signed.

I made a custom Kinto image and added the root certificate to the usual trust store. I can run wget and curl from that image no problem, but Kinto and urllib3 don't want to have anything to do with it.

As far as I have come so far, urllib3 uses pyOpenSSL so it should use that truststore. Also the certificate file seems correctly installed as a PEM file. There are instructions in the urllib3 documentation on how to change the code to use a custom bundle, but that would mean changing Kinto and Pyramid...

Is there an obvious thing I'm missing?


akloster commented Dec 4, 2022

I found out the problem. urllib3 seems to usually use the "certifi" package. And one way to add a certificate to that in a Dockerfile is to append it to the certifi bundle:

ADD dev-ca.crt .
# `python -m certifi` prints the path of the certifi CA bundle
RUN cat dev-ca.crt >> `python -m certifi`
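Added example (not from the original comment or the Kinto project): a Python build-time step that performs the same append but compares SHA-256 fingerprints first, so a missing or empty CA file raises an error and a repeated run does not duplicate the entry. The function names are hypothetical and the demo uses constructed placeholder data; in the image the bundle path would be `certifi.where()`.

```python
import hashlib
import re
import ssl
import tempfile
from pathlib import Path

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.DOTALL
)

def fingerprint(pem_block):
    """SHA-256 over the decoded certificate bytes of one PEM block."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem_block)).hexdigest()

def fingerprints(pem_text):
    """Fingerprints of every certificate block found in pem_text."""
    return {fingerprint(block) for block in PEM_BLOCK.findall(pem_text)}

def ensure_ca_in_bundle(ca_path, bundle_path):
    """Append certificates from ca_path that bundle_path lacks; return how many."""
    blocks = PEM_BLOCK.findall(Path(ca_path).read_text())
    if not blocks:
        raise ValueError(f"{ca_path} contains no PEM certificate")
    seen = fingerprints(Path(bundle_path).read_text())
    missing = []
    for block in blocks:
        if fingerprint(block) not in seen:
            seen.add(fingerprint(block))
            missing.append(block)
    if missing:
        with open(bundle_path, "a") as fh:
            fh.write("\n" + "\n".join(missing) + "\n")
    return len(missing)

def demo():
    """Run twice against constructed files; in the image pass certifi.where()."""
    tmp = Path(tempfile.mkdtemp())
    bundle, ca = tmp / "cacert.pem", tmp / "dev-ca.crt"
    # Constructed placeholders: PEM framing around dummy bytes, not real certs.
    bundle.write_text(ssl.DER_cert_to_PEM_cert(b"constructed public root"))
    ca.write_text(ssl.DER_cert_to_PEM_cert(b"constructed dev CA"))
    return ensure_ca_in_bundle(ca, bundle), ensure_ca_in_bundle(ca, bundle)

if __name__ == "__main__":
    print(demo())  # (appended on first run, appended on second run)
```

Because the append modifies the installed certifi package, it has to be repeated whenever certifi is reinstalled or upgraded in the image.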

alexcottner added the stale label Jul 23, 2024