Problems with the path to self-signed certificate

Following the indications found here: https://docs.tigergraph.com/admin/admin-guide/data-encryption/encrypting-connections
I’m trying to use a secure SSL connection with a self-signed certificate:

tigergraph@620f4d3c80cf:~$ gadmin config entry ssl

Nginx.SSL.Enable [ false ]: Enable SSL connection for all HTTP requests
New: true

Nginx.SSL.Key [ <masked> ]: Private key for SSL. (Could use @key_file_path to parse the key from file)
[Warning] Please use @filepath to set value of Nginx.SSL.Key in interactive mode, or leave it empty to skip
New: @/home/tigergraph/myconceptnet/nginx-selfsigned.key

Nginx.SSL.Cert [ <masked> ]: Public certificate for SSL. (Could use @cert_file_path to parse the certificate from file)
[Warning] Please use @filepath to set value of Nginx.SSL.Cert in interactive mode, or leave it empty to skip
New: @/home/tigergraph/myconceptnet/nginx-selfsigned.crt
[   Info] Configuration has been changed. Please use 'gadmin config apply' to persist the changes.


tigergraph@620f4d3c80cf:~$ gadmin config apply -y
[   Info] Successfully applied configuration change. Please restart services to make it effective immediately.


tigergraph@620f4d3c80cf:~$ gadmin restart gsql nginx gui ts3 -y
[   Info] Stopping NGINX GSQL TS3 GUI
[   Info] Starting ZK ETCD DICT KAFKA ADMIN GSE NGINX GPE RESTPP KAFKASTRM-LL KAFKACONN TS3SERV GSQL TS3 GUI
tigergraph@620f4d3c80cf:~$

But when I try to curl using cacert it doesn’t find the same path to the file used before:

(base) raphy@pc:~ curl --cacert /home/tigergraph/myconceptnet/nginx-selfsigned.crt https://localhost:14240
curl: (77) error setting certificate verify locations:
  CAfile: /home/tigergraph/myconceptnet/nginx-selfsigned.crt
  CApath: none
(base) raphy@pc:~

@raphy, your configuration seems correct. There might be two issues I can think of:

  • your cert and keys have bad file permissions, preventing the tigergraph user from parsing them
  • localhost is not a domain covered by your cert file.

Would you please retry this using the GraphStudio -> Admin -> Management -> Components -> Nginx
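
An added example (not part of the thread or of TigerGraph's tooling): a bash preflight for the two causes raised in the reply, to be run by the same user and on the same machine where `curl --cacert` is invoked, since curl error 77 is reported when curl cannot load that file. The function names are hypothetical, and the host check assumes an openssl build that supports `x509 -checkhost`.

```bash
#!/usr/bin/env bash
# Added example: preflight for `curl --cacert FILE https://HOST:PORT`.

# check_cafile FILE -> 0 if the file is usable as a CA file here, else
#   1 = path does not exist on this machine
#   2 = exists but is not readable by the current user
#   3 = readable but holds no PEM certificate block
check_cafile() {
  local f="$1"
  [ -e "$f" ] || return 1
  [ -r "$f" ] || return 2
  grep -q -- '-----BEGIN CERTIFICATE-----' "$f" || return 3
  return 0
}

# check_host FILE HOST -> 0 if the certificate names HOST, 1 if it does not,
#   2 if openssl is missing or cannot parse the file.
check_host() {
  local f="$1" host="$2" out
  command -v openssl >/dev/null 2>&1 || return 2
  out=$(openssl x509 -in "$f" -noout -checkhost "$host" 2>/dev/null) || return 2
  case "$out" in
    *"does match"*) return 0 ;;
    *)              return 1 ;;
  esac
}

# diagnose FILE HOST -> prints one finding and returns the failing check's code.
diagnose() {
  local f="$1" host="$2" rc=0
  check_cafile "$f" || rc=$?
  case "$rc" in
    1) echo "missing: $f does not exist for $(id -un) on $(hostname)"; return 1 ;;
    2) echo "unreadable: $f exists but $(id -un) cannot read it"; return 2 ;;
    3) echo "not PEM: $f has no BEGIN CERTIFICATE block"; return 3 ;;
  esac
  rc=0
  check_host "$f" "$host" || rc=$?
  case "$rc" in
    0) echo "ok: $f is readable and names $host" ;;
    1) echo "name mismatch: certificate does not cover $host"; return 4 ;;
    2) echo "file ok; host check skipped (openssl missing or parse error)" ;;
  esac
}

# Run only when called as: script.sh FILE HOST
if [ "$#" -eq 2 ]; then diagnose "$1" "$2"; fi
```
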