Deployment to HTTPS endpoint fails with SELF_SIGNED_CERT_IN_CHAIN, even though certificate is trusted by OS
Describe the Bug
The app does not pick up custom root certificates that have been added to the OS trust store. When trying to deploy to a server with a self signed cert -> self imported self signed CA cert, the deployment fails and an error is logged:
{"code":"SELF_SIGNED_CERT_IN_CHAIN","deploymentName":"test","errno":"SELF_SIGNED_CERT_IN_CHAIN","message":"request to https://localhost:8443/engine-rest/deployment/create failed, reason: self signed certificate in certificate chain","type":"system"} [ deploy-error ]
Steps to Reproduce
Prerequisite:
- Set up your environment, generate a CA certificate, generate a server certificate, import the CA certificate in your OS trust store, start a test server with the server certificate (cf. this project that does the stuff on Arch Linux).
Reproduce bug:
- In the App, create a diagram.
- Press “Deploy Current Diagram”.
- Fill in the “Name” - Test.
- Fill in the “URL” - https://localhost:8443/engine-rest/deployment/create.
- Press “Deploy”.
Additional information:
- Apache Tomcat uses a certificate issued by a certification authority.
- Deploy via HTTP works well.
- Camunda apps (e.g. admin, cockpit, tasklist) work well via HTTPS (certificate is valid).
Expected Behavior
Diagram deployed via HTTPS.
Environment
- OS: [CentOS 7.6, Windows 10]
- Camunda Modeler Version: [3.1.2]
- Apache Tomcat Version: [9.0.19]
- Camunda Community Platform: [7.11.0]
Issue Analytics
- State:
- Created 4 years ago
- Comments:18 (11 by maintainers)
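An added example, not part of the original issue or the Camunda Modeler code: it builds the prerequisite CA and server certificate with `openssl` and uses `openssl verify` as a stand-in TLS client to show that OpenSSL's verification error 19, which Node.js reports as `SELF_SIGNED_CERT_IN_CHAIN`, appears when the root CA is absent from the store the client consults and disappears once it is present. File names and subject names are constructed for the example.

```shell
#!/bin/sh
# Constructed example: throwaway CA and server certificate, then two
# verification runs that differ only in whether the client trusts the CA.
# All file names and subject names below are made up for this example.
workdir=$(mktemp -d)

make_test_pki() {
    # Self-signed root CA (stands in for the CA imported into the OS store).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test Root CA" \
        -keyout "$workdir/ca.key" -out "$workdir/ca.pem" 2>/dev/null || return 1
    # Server key and signing request for the test endpoint.
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=localhost" \
        -keyout "$workdir/srv.key" -out "$workdir/srv.csr" 2>/dev/null || return 1
    # Server certificate issued by the test CA.
    openssl x509 -req -days 1 -in "$workdir/srv.csr" \
        -CA "$workdir/ca.pem" -CAkey "$workdir/ca.key" -CAcreateserial \
        -out "$workdir/srv.pem" 2>/dev/null
}

# Client that received the whole chain (root included) from the server but
# has no trust anchor for it: the situation the error code describes.
verify_without_anchor() {
    openssl verify -untrusted "$workdir/ca.pem" "$workdir/srv.pem" 2>&1
}

# Same certificates, but the store the client consults contains the CA.
verify_with_anchor() {
    openssl verify -CAfile "$workdir/ca.pem" "$workdir/srv.pem" 2>&1
}

make_test_pki || { echo "openssl failed to build the test PKI" >&2; exit 1; }

echo "== CA not in the client's trust store =="
verify_without_anchor || true   # expect X509 error 19 at depth 1

echo "== CA in the client's trust store =="
verify_with_anchor
```

The error is raised at depth 1, the root itself, so the server certificate and its signature are not the problem; only the trust anchor lookup differs between the two runs.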
Top GitHub Comments
After spending some time on the issue I can verify that this is a BUG.
It appears that the app does not pick up the certificates in the OS trust store.
This is an issue we got to work around somehow, as it seems to be broken upstream in Electron, cf. https://github.com/electron/electron/issues/11741 and https://github.com/electron/electron/issues/10257.
I have a related issue. In Camunda Modeler 4.9 I’m getting the following error: “Should point to a running Camunda Platform REST API.” As far as I know the problem is caused by the self-signed certificate that is not accepted as valid by Chrome.