You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2021/09/24 02:42:38 UTC
[GitHub] [apisix] tzssangglass commented on issue #5125: request help: configure etcd tls and stream_proxy at the same time, etcd cannot connect
tzssangglass commented on issue #5125:
URL: https://github.com/apache/apisix/issues/5125#issuecomment-926299746
```yaml
etcd:
tls:
verify: false
```
the `verify` here used to control whether to verify that the CA certificate issuing the etcd certificate is in the trusted certificate chain of the host where APISIX is located.
case 1:
verify: true, and the CA certificate issuing the etcd certificate is not in the trusted certificate chain of the host where APISIX is located, APISIX will throw an Unknow CA error in tlshandshake process and stop connection.
In this case you need to configure `ssl_trusted_certificate` as the CA certificate that issuing the etcd certificate.
case 2:
verify: false, and the CA certificate issuing the etcd certificate is not in the trusted certificate chain of the host where APISIX is located, APISIX won't throw an Unknow CA error in tlshandshake process, and ignore Encrypted Alert error, just establish connections with etcd.
case 3:
verify: true, and the CA certificate issuing the etcd certificate is in the trusted certificate chain of the host where APISIX is located, APISIX will do tlshandshake normally and establish connections with etcd.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org