1
votes

We are trying to enable TLS on Consul so that our REST service (which is using a self-signed certificate) will be able to register with Consul in HTTPS mode. For enabling TLS I am following the Consul documentation as well as the links below:

https://www.digitalocean.com/community/tutorials/how-to-secure-consul-with-tls-encryption-on-ubuntu-14-04

http://russellsimpkins.blogspot.in/2015/10/consul-adding-tls-using-self-signed.html

Note: I am using CentOS 7.2.

Now my service tries to register with Consul, but in the Consul dashboard it is down and on the console I am getting the error below:

x509: certificate signed by unknown authority

1
Well, the issue is that your JVM does not trust the self-signed cert that Consul is using. You can either import this into the truststore or, better, create an internal CA certificate that you configure in Consul and the JVM to implicitly trust. This will allow you to create as many certs as you want, which will be accepted by both sides. - daniel.eichten
Hi Daniel, thanks for the reply. We have tried this but it didn't work for us. I was looking into some Consul issues and I found this: github.com/hashicorp/consul/issues/1986. When you look at the last comment, it says to provide the whole chain instead of only cert-file. - Brijan Elwadhi
Did you also add the same certificate as trusted to the JVM truststore? That's not part of your question. There you are only talking about Consul. - daniel.eichten
Hey, I have updated the last comment. - Brijan Elwadhi
Yes, I added the same certificate to the JVM truststore. - Brijan Elwadhi

1 Answer

0
votes

We found the solution. We have to add the CA cert to the TLS trust store instead of the JVM trust store; for CentOS it is "/etc/pki/tls/certs/ca-bundle.crt".

Just appending the CA certificate to this file solved our issue.