I’m having some issues connecting to certain targets via HTTPS due to the Boundary worker being unable to validate their self-assigned certs. Is there a way to skip it?
Command and error outputs:
boundary connect http -target-id ttcp_97fqj30JSm
curl: (77) schannel: next InitializeSecurityContext failed: SEC_E_UNTRUSTED_ROOT (0x80090325) - The certificate chain was issued by an authority that is not trusted.
Looking at the code, there should be an environment variable BOUNDARY_TLS_INSECURE controlling the behavior.
bool, enables or disables SSL verification
Thanks for the reply.
Although I think you are misunderstanding my question. I have no problem connecting to Boundary to create/view resources. I got that cert error only when I’m connecting to a target that has a self-assigned cert via HTTPS.
From my understanding of the documentation, the env var BOUNDARY_TLS_INSECURE is used to disable TLS between the client and the Boundary services. I think the problem here is the Boundary worker couldn’t validate the cert on the targets.
-host flag for boundary connect http. You can also not use the http subcommand and use whatever client you wish that makes it easier to skip cert validation by adding arguments to curl to tell it what certificate name to look for.
Keep in mind, this isn’t Boundary that is complaining about the certificate, it’s that by default boundary connect http launches curl and it’s curl that is complaining.
Ah, ok. That did clear up some of the confusion I have about the workflow between clients, worker and targets.
Although in my scenario, HTTP isn’t an option. Most of the stuff I need to access is HTTPS only (probably a good idea too)… like Vault, vSphere…
Now I’m trying to figure out how to open them in a browser. I did see this other post saying I can just run boundary connect -target-id ttcp_AwvJ06isv8, which would keep the connection up and then connect to 127.0.0.1:<port> in a browser. It does work fine for me, although I’ve had too much coffee already and wanna find a way to do this whole thing with just one command …
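Since the thread establishes that the certificate check is performed by curl, not by Boundary, the sketch below keeps that check on and trusts only the target's own certificate, instead of skipping validation. It is an added example, not part of any post above or of Boundary itself. The hostname, port, target ID and certificate file are placeholders, and it assumes the self-signed certificate carries the target's hostname, was exported out of band, and that the local curl build honours --cacert.

```shell
#!/bin/sh
# Added example, not from the thread. Hostname, port and CA file are placeholders.

# Run curl against Boundary's local listener with verification left on:
#   --cacert   trusts only the target's own certificate (exported out of band)
#   --resolve  keeps the real name in the URL, so SNI and the name check use
#              it, while the TCP connection goes to 127.0.0.1:<port>
pinned_curl() {
    name=$1; port=$2; ca_file=$3; path=${4:-/}
    curl --fail --silent --show-error \
        --retry 5 --retry-delay 1 --retry-connrefused \
        --cacert "$ca_file" \
        --resolve "${name}:${port}:127.0.0.1" \
        "https://${name}:${port}${path}"
}

# Open the session, issue one verified request, then close the session.
fetch_via_boundary() {
    target_id=$1; name=$2; port=$3; ca_file=$4; path=${5:-/}
    if [ ! -r "$ca_file" ]; then
        echo "CA file not readable: $ca_file" >&2
        return 2
    fi
    # Plain `boundary connect` only opens the listener; it launches no client.
    boundary connect -target-id "$target_id" -listen-port "$port" >/dev/null &
    proxy_pid=$!
    rc=0
    # The retries cover the moment before the listener is accepting connections.
    pinned_curl "$name" "$port" "$ca_file" "$path" || rc=$?
    kill "$proxy_pid" 2>/dev/null || true
    wait "$proxy_pid" 2>/dev/null || true
    return "$rc"
}

# Usage (placeholder values):
#   fetch_via_boundary ttcp_XXXXXXXXXX vault.example.internal 8443 ./target-cert.pem /v1/sys/health
```

For browser access the same idea applies: import the target's certificate into the browser's trust store and browse to the target's real hostname mapped to 127.0.0.1, rather than clicking through the warning.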