Conjur root certification in Docker

I have installed Conjur OSS in Docker and want to use the .Net Api (Conjur .NET API) to access my stored secrets. I am currently getting an exception stating that the Certificate does not pass Validation. I wanted to retrieve the Root Certificate for Conjur using the following command:openssl s_client --showcerts --connect $CONJUR_HOSTNAME:443 < /dev/null 2> /dev/null | sed -ne ‘/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p’ > conjur.pem but this only creates an empty file. I cannot seem to get the correct .pem file I need in order to get the .Net API working.

Hi @quinzylam ,

Thank you for trying out Conjur OSS!

Just to be sure, when you say that you installed Conjur OSS in Docker, this is in a Docker Compose environment similar to what’s described in the Conjur QuickStart Guide?

If this is the case, then you should be able to read Conjur’s root certificate using localhost:8443, e.g. with something like this:

openssl s_client --showcerts --connect localhost:8443 < /dev/null 2> /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > conjur.pem

Walking through this a bit… The Conjur Docker-Compose configuration exposes the ‘proxy’ (i.e. NGINX) service on localhost port 8443:

  proxy:
    image: nginx:1.13.6-alpine
    container_name: nginx_proxy
    ports:
      - "8443:443"
 < - - - SNIP - - - >

You can verify this port config with curl:

```
$ curl -s https://localhost:8443 -k  | grep "Your Conjur server"
        <p class="status-text">Your Conjur server is running!</p>
$
```

If the openssl command above doesn’t work out-of-the-box for you, you can run just the first part of the command as a sanity check. This should show the entire certificate (note: the < /dev/null suppresses the openssl from prompting you for data to include in the request body):

openssl s_client --showcerts --connect localhost:8443 < /dev/null

Hope this helps, let me know if I can help further.

-Dane

Hi Dane,

Thank you so much for the explanation, it definitely did the job. It is much appreciated.

Kind regards,
Quinten