Our environment is an OpenShift cluster in version 4.5.30, which is based on Kubernetes.
We deployed the axon-server from our own Dockerfile, which is based on your axon-server image but adds our keystore to the image.
Without SSL everything works perfectly and we reach the GUI over the URL:
FROM docker.io/axoniq/axonserver:4.3.3
USER 0
COPY ./axon.p12 /resources/axon.p12
COPY ./axon.cer /resources/axon.cer
COPY ./key.pem /resources/key.pem
The axon-dev.p12 is a keystore which contains the certification chain:
The axon-staging-cert is a self-signed cert from our issuing.ca
We set the following environment variables for the start of the container:
- name: TZ
  value: Europe/Berlin
- name: AXONIQ_AXONSERVER_NAME
  value: axonserver-staging
- name: AXONIQ_AXONSERVER_HOSTNAME
  value: axonserver-staging
- name: axoniq.axonserver.accesscontrol.enabled
  value: 'true'
- name: axon.axonserver.token
  valueFrom:
    secretKeyRef:
      name: axonserver-token
      key: WebHookSecretKey
SSL enabled for HTTP server
- name: server.ssl.key-store-type
  value: PKCS12
- name: server.ssl.key-store
  value: /resources/axon.p12
- name: server.ssl.key-store-password
  value: axonserver
- name: server.ssl.key-alias
  value: axonserver
- name: security.require-ssl
  value: 'true'
SSL enabled for gRPC server
- name: axoniq.axonserver.ssl.enabled
  value: 'true'
- name: axoniq.axonserver.ssl.cert-chain-file
  value: /resources/axon.cer
- name: axoniq.axonserver.ssl.private-key-file
  value: /resources/key.pem
The SSL for the gRPC port seems to work, because when we only encrypt the gRPC port, we don’t see the yellow warning „ssl disabled“ in the GUI.
Unfortunately, we can't reach the GUI over the HTTP port when we encrypt the HTTP connection.
We get the following error:
Bad Request
This combination of host and port requires TLS.
When we open the certificate on the URL it says that the certificate is valid.
So we think that Axon can’t handle the certificate.
What is our problem and how can we solve it?
Thank you very much in advance