Boundary Error with x509: certificate signed by unknown authority

I am working on building an Azure DevOps pipeline with TFC, but when I set up Boundary I am getting these x509: certificate signed by unknown authority errors.

I have tls_skip_verify = "true"

│ Error: error creating scope: error performing client request during Create call: Post "https://boundary.istio.sbx.eqb-int.cloud/v1/scopes?skip_admin_role_creation=true&skip_default_role_creation=true": x509: certificate signed by unknown authority

Is this using the Boundary CLI or the Terraform provider?

Hi @omkensey

I saw a pull request 13 days ago to enable insecure TLS using the Terraform provider. I thought I would give it a try.

Support insecure TLS communication to API endpoint
Jira Sync #404: Pull request #163 closed by louisruch

Instead we just added the certs in the Terraform agent.

Hey @sebbycorp

Thank you for trying Boundary! Just a quick follow-up: the setting in the provider is tls_insecure, not tls_skip_verify. I do see that for credential stores we have the setting as tls_skip_verify; I will chat with the team on synchronizing our terminology when we are all back from the holiday break.

I quickly double-checked on my side and was able to access a Boundary server using a self-signed cert with the tls_insecure flag set:

provider "boundary" {
  addr             = "https://127.0.0.1:9200"
  tls_insecure     = true
  recovery_kms_hcl = <<EOT
kms "aead" {
    purpose   = "recovery"
    aead_type = "aes-gcm"
    key       = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
    key_id    = "global_recovery"
}
EOT
}

Since the PR you linked has not been part of a provider release, I just want to also make sure you are using a locally built provider?

Thanks for the response, silly me, I should have tried that lol. Next time; for now I added the trusted cert.

Boundary uses tls_insecure; what you’re looking at with the credential store is tls_skip_verify because it’s the Vault credential store and that’s Vault’s terminology.