Mender client rejects the server certificate of mTLS ambassador with Error: "certificate signed by unknown authority, openssl verify rc: 20"

ebesas · April 26, 2024, 12:50am

I have confirmed with Mender support that this approach is valid.
It is either:

Specify the self-signed certificate of the CA in mender.conf in the device to verify the server/mTLS proxy or,
Add the server certificate to the list of trusted certificates on the system:

scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -P 8822 ca.crt root@$CONTAINER_IP:/usr/local/share/ca-certificates/mender/ca.crt
ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 8822 root@$CONTAINER_IP update-ca-certificates

Topic		Replies	Views
mTLS: Fails to authorize client automatically with Error "Unknown url.Error type: Host validation error" General Discussions mtls , authorization	3	681	November 21, 2022
Mender client x509: certificate signed by unknown authority issue General Discussions preauthorization , demo-server	1	1227	October 24, 2019
SSL CA certificate setup on mender production General Discussions	5	2248	November 27, 2019
Does a device log failed attempts to add itself to Pending Devices? General Discussions	26	994	February 19, 2021
Issue with Mender Client Certificate/Mutual TLS tutorial or setup General Discussions	3	914	November 18, 2020

Mender client rejects the server certificate of mTLS ambassador with Error: "certificate signed by unknown authority, openssl verify rc: 20"

Related topics