[SOLVED] CrowdSec with TLS

Started by toxic, July 05, 2023, 02:26:28 AM

July 05, 2023, 02:26:28 AM Last Edit: July 06, 2023, 02:48:15 AM by toxic
Solved: turns out it was a bug in CrowdSec v1.5.1, and someone kindly built me a 1.5.2 for BSD that solves it.

I'm stuck. I can manage to get crowdsec working with my private CA emitting certificates on a Docker setup, but putting it inside the OPNsense plugin fails.

Essentially, I am sure that whatever context crowdsec runs in, it is not trusting my CA on OPNsense; it says so in the logs:
time="05-07-2023 02:23:38" level=error msg="error while performing request: tls: failed to verify certificate: x509: certificate signed by unknown authority; 4 retries left"

But in fact, I have signed certs with this CA for other machines on the network, and when I use curl from the very same OPNsense machine to use https on a server that has a cert signed by my internal CA, it does work properly and recognizes the CA... I did have to import my CA in Trust->Authorities for that, sure, but now this at least works.

But somehow, crowdsec seems not to use it.

Any idea how to add a CA cert to be trusted by crowdsec? Even looking at the plugin code, I can't find what's missing on my machine to have crowdsec trust my CA...