Orchestrator plugin SSL verifications

richard_davidsson · May 29, 2023, 12:43pm

Hey,

I have some issues to verify SSL certificates issued by our internal CA within plugins on our Orchestrator.

I have installed our root cert as a trusted root ca on the orchestrator and I have tested curl natively on the server to connect to internal resources and I do not get any warnings about untrusted certificate.

But when I try to use plugins, ex the Jenkins plugin, it fail to detect that the certificates provided by the destination are signed by our root cert and it instead returns an error saying it failed.

[SSL: CERTIFICATE_VERIFY_FAILED]

Any ideas on what I have missed here.

brandon_mcclure · May 30, 2023, 12:44pm

I will have to see if I can dig this up, but there is a docker mapping for the cert store that is needed

ilyaaz_noerkhan · May 30, 2023, 2:12pm

Did you follow these steps? Install Private CA Certificates | InsightConnect Documentation (rapid7.com)

richard_davidsson · May 30, 2023, 2:23pm

Ah there we have the kind of documentation I wanted to find!
Thanks for pointing it out!
I had already completed the first bunch of steps which I did find elsewhere to make the CA cert trusted on the machine so it was only a matter of enabling that mirroring.