I have installed Conjur OSS in Docker and want to use the .Net Api (Conjur .NET API) to access my stored secrets. I am currently getting an exception stating that the Certificate does not pass Validation. I wanted to retrieve the Root Certificate for Conjur using the following command:
```
openssl s_client --showcerts --connect $CONJUR_HOSTNAME:443 < /dev/null 2> /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > conjur.pem
```
but this only creates an empty file. I cannot seem to get the correct .pem file I need in order to get the .Net API working.
Hi @quinzylam ,
Thank you for trying out Conjur OSS!
Just to be sure, when you say that you installed Conjur OSS in Docker, this is in a Docker Compose environment similar to what’s described in the Conjur QuickStart Guide?
If this is the case, then you should be able to read Conjur’s root certificate using `localhost:8443`, e.g. with something like this:
```
openssl s_client --showcerts --connect localhost:8443 < /dev/null 2> /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > conjur.pem
```
Walking through this a bit… The Conjur Docker-Compose configuration exposes the ‘proxy’ (i.e. NGINX) service on localhost port 8443:
```
proxy:
  image: nginx:1.13.6-alpine
  container_name: nginx_proxy
  ports:
    - "8443:443"
  # < - - - SNIP - - - >
```
You can verify this port config with curl:
```
$ curl -s https://localhost:8443 -k | grep "Your Conjur server"
<p class="status-text">Your Conjur server is running!</p>
$
```
If the `openssl` command above doesn’t work out-of-the-box for you, you can run just the first part of the command as a sanity check. This should show the entire certificate (note: the `< /dev/null` suppresses `openssl` from prompting you for data to include in the request body):
```
openssl s_client --showcerts --connect localhost:8443 < /dev/null
```
Hope this helps, let me know if I can help further.
-Dane
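An added example, not part of the thread: a wrapper around the `openssl s_client | sed` pipeline above that refuses to write an empty `conjur.pem` when the handshake fails, and prints the certificate's subject and SHA-256 fingerprint so it can be compared with the value read on the Conjur host. The function names are hypothetical; `localhost:8443` is the endpoint from the answer.

```shell
#!/usr/bin/env bash
# Added example; function names are hypothetical, not part of Conjur or OpenSSL.

# Print only the PEM certificate blocks found on stdin (same sed filter as above).
extract_certs() {
  sed -n '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
}

# Count complete certificates in a PEM file; unbalanced markers count as 0.
count_certs() {
  local begins ends
  begins=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || true)
  ends=$(grep -c -- '-----END CERTIFICATE-----' "$1" 2>/dev/null || true)
  [ "${begins:-0}" -eq "${ends:-0}" ] && echo "${begins:-0}" || echo 0
}

# Read s_client output on stdin and write its certificates to $1.
# Goes through a temp file so a failed connection never leaves an empty PEM.
# Prints the number of certificates saved.
save_certs() {
  local out=$1 tmp n
  tmp=$(mktemp) || return 1
  extract_certs > "$tmp"
  n=$(count_certs "$tmp")
  if [ "$n" -eq 0 ]; then
    rm -f "$tmp"
    echo "no certificate in s_client output; check host and port" >&2
    return 1
  fi
  mv "$tmp" "$out"
  echo "$n"
}

# Fetch the chain presented at host:port into a PEM file, then show the
# subject and SHA-256 fingerprint of the first certificate. The fetch itself
# is unauthenticated, so the fingerprint is what gets checked out of band.
fetch_conjur_cert() {
  local endpoint=$1 out=${2:-conjur.pem}
  openssl s_client -showcerts -connect "$endpoint" </dev/null 2>/dev/null \
    | save_certs "$out" >/dev/null || return 1
  openssl x509 -in "$out" -noout -subject -fingerprint -sha256
}

# Usage: fetch_conjur_cert localhost:8443 conjur.pem
```
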
Hi Dane,
Thank you so much for the explanation, it definitely did the job. It is much appreciated.
Kind regards,
Quinten