I have installed Conjur OSS in Docker and want to use the .Net Api (Conjur .NET API) to access my stored secrets. I am currently getting an exception stating that the Certificate does not pass Validation. I wanted to retrieve the Root Certificate for Conjur using the following command:

```
openssl s_client --showcerts --connect $CONJUR_HOSTNAME:443 < /dev/null 2> /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > conjur.pem
```

but this only creates an empty file. I cannot seem to get the correct .pem file I need in order to get the .Net API working.
Hi @quinzylam ,
Thank you for trying out Conjur OSS!
Just to be sure, when you say that you installed Conjur OSS in Docker, this is in a Docker Compose environment similar to what’s described in the Conjur QuickStart Guide?
If this is the case, then you should be able to read Conjur’s root certificate using `localhost:8443`, e.g. with something like this:

```
openssl s_client --showcerts --connect localhost:8443 < /dev/null 2> /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > conjur.pem
```
Walking through this a bit… The Conjur Docker-Compose configuration exposes the ‘proxy’ (i.e. NGINX) service on localhost port 8443:
```
proxy:
  image: nginx:1.13.6-alpine
  container_name: nginx_proxy
  ports:
    - "8443:443"
  < - - - SNIP - - - >
```
You can verify this port config with curl:
```
$ curl -s https://localhost:8443 -k | grep "Your Conjur server"
<p class="status-text">Your Conjur server is running!</p>
$
```
If the `openssl` command above doesn’t work out-of-the-box for you, you can run just the first part of the command as a sanity check. This should show the entire certificate (note: the `< /dev/null` suppresses `openssl` from prompting you for data to include in the request body):

```
openssl s_client --showcerts --connect localhost:8443 < /dev/null
```
Hope this helps, let me know if I can help further.
Thank you so much for the explanation, it definitely did the job. It is much appreciated.
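An added example, not part of the thread: the same retrieval wrapped so that a wrong host or port produces an error instead of an empty `conjur.pem`, and the fetched certificate's subject and SHA-256 fingerprint are printed for comparison before it is trusted. The function names are hypothetical, and the options are written in the single-dash form.

```shell
# Added example (not from the thread); function names are hypothetical.

# Keep only the PEM blocks from `openssl s_client -showcerts` output on stdin.
extract_pem() {
  sed -n '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
}

# Print how many certificates the PEM text on stdin contains.
count_certs() {
  grep -c -- '-BEGIN CERTIFICATE-' || true
}

# save_chain OUTFILE: read s_client output on stdin and write OUTFILE only
# when at least one certificate was found; otherwise fail without creating it.
save_chain() (
  out="$1"
  pem="$(extract_pem)"
  n="$(printf '%s\n' "$pem" | count_certs)"
  if [ "$n" -eq 0 ]; then
    echo "no certificate in s_client output; check host and port" >&2
    exit 1
  fi
  printf '%s\n' "$pem" > "$out"
  echo "wrote $n certificate(s) to $out" >&2
)

# fetch_chain HOST:PORT OUTFILE: stderr is left visible, so a refused
# connection or a wrong port is reported rather than hidden.
fetch_chain() (
  openssl s_client -showcerts -connect "$1" < /dev/null | save_chain "$2" || exit 1
  # Show the first certificate in the file so it can be compared with the
  # certificate on the Conjur host itself before the .NET client trusts it.
  openssl x509 -in "$2" -noout -subject -issuer -enddate -fingerprint -sha256
)

# Usage: fetch_chain localhost:8443 conjur.pem
```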