Disable HTTP Integration SSL Verification

Xersist · December 16, 2024, 12:24pm

Is there a way to disable the ssl verification when using a https endpoint? The endpoint uses a private ca and it seems this is the issue. I don’t see a config option either.

I tried mounting the ca and running update-ca-certificate inside the chirpstack container but just get the following error

Failed to open temporary file /etc/ssl/certs/bundleXXXXXX for ca bundle.

Any ideas?

Liam_Philipp · December 16, 2024, 3:53pm

Here are the options for the postgresql integration, did you reference the CA there? Looks like you can also disable SSL in the dsn line. As for your failed to open it is likely just permission issues, did you try CHOWN and CHMOD?

[integration.postgresql]
# PostgreSQL DSN.
#
# Format example: postgres://<USERNAME>:<PASSWORD>@<HOSTNAME>/<DATABASE>?sslmode=<SSLMODE>.
#
# SSL mode options:
#  * disable - no SSL
#  * require - Always SSL (skip verification)
#  * verify-ca - Always SSL (verify that the certificate presented by the server was signed by a trusted CA)
#  * verify-full - Always SSL (verify that the certification presented by the server was signed by a trusted CA and the server host name matches the one in the certificate)
dsn="postgresql://chirpstack_integration:chirpstack_integration@localhost/chirpstack_integration?sslmode=disable"

# Max open connections.
#
# This sets the max. number of open connections that are allowed in the
# PostgreSQL connection pool.
max_open_connections=10

# CA certificate (optional).
#
# Set this to the path of the CA certificate in case you are using TLS and
# the server-certificate is not signed by a CA in the platform certificate
# store.
ca_cert=""

Xersist · January 16, 2025, 12:46am

Hello, thanks for the response. Been a bit since I’ve came back to the forum.

My solution doesn’t actually do what I wanted to do, but is actually how you should do it
I had them install the CA onto the system so it can communicate itself.
Then the issue I had about mouting the CA they had used symbolic links in the /etc/ssl directory that I didn’t notice, so when mounting I actually had to mount both locations in the Chirpstack container and it started working.

For example under volumes.

- /etc/ssl:/etc/ssl:ro
- /etc/pki/:/etc/pki:ro

The private CA was just placed in the pki directory instead of ssl and was just linked.

Thanks

system · April 16, 2025, 12:46am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.