SSL Errors when querying LDAP / AD service


#1

I’m trying to use the identity API for LDAP/AD integration, but am getting SSL errors when trying to connect to replicated-premkit.default.svc.cluster.local to initiate the login flow. What’s the best way to remediate this? I’m aware that I can set my app to skip cert validation (e.g. in NodeJS NODE_TLS_REJECT_UNAUTHORIZED=0), but I’d rather not do that if I can avoid it, especially with sensitive data like authentication. Is there a way to explicitly trust just the integration API certificate? How can I access the certs used on prem?


#2

As you’ve said, the most basic solution is to skip verification for that endpoint. In general, the chance of interception within the cluster is fairly low :wink:

A more secure, but more difficult, solution is to pass the certificate that the endpoint uses into your application as an environment variable, as it’s available through the ConsoleSetting template function.

    env:
    - name: REPLICATED_PREMKIT_CERT
      # closing "}}" was missing in the original snippet
      value: '{{repl ConsoleSetting "tls.cert.data"}}'