Rancher-compose and unknown CA

Hi there,

I am having problems using docker-compose against our Rancher Server with ssl and our certificate. It is not a self signed certificate, but it seems there is no a known CA in most of browsers and distributions. With Ranchger agents we solved the issue adding the full chain of the certificate bundled into a file, and now it is working ok.

Now the problem is with rancher-compose, that it seems it is not using the certificates registry of my system (for example Ubuntu 16.04). So, trying to use docker-compose:

$  rancher-compose up
ERRO[0000] Failed to open project deployment: Get https://iot-agents.atosresearch.eu/: x509: certificate signed by unknown authority 
FATA[0000] Failed to read project: Get https://iot-agents.atosresearch.eu/: x509: certificate signed by unknown authority

The certificate is correctly added to my Ubuntu System, I can test it with:

$  curl https://server_url/

{"id":"31f10389-d693-40e8-becf-bb7a50bf4adb","type":"error","links":{},"actions":{},"status":401,"code":"Unauthorized","message":"Unauthorized","detail":null}

How is taking certificates rancher-compose?

Many thanks

It may pay attention to the DOCKER_TLS_VERIFY environment variable because it uses libcompose. Try export DOCKER_TLS_VERIFY=0

Sorry, but still the same problem :frowning:

Ignoring TLS could be a good workaround by the moment, to continue with my objectives. But, I would like to have a way of including the CA which is validating my Cert. Because it is a valid one (rancher agents are using this certificate).

I have not solved the issue, because I dont know where GO is taking the certificates. But I have a better solution. Now I have configured correctly my server to provide correctly the certificates chain (including intermediate certificate). Now all the clients can identify the CA as known and trusted.

Hey Jose May I know how you configured your server to provide proper certificate chain with intermediate certificates. It will help us more, can you tell me the order, thanks in advance.