I’m trying out ORY Oathkeeper with a JWT authenticator. After I’ve configured a rule and pass a valid JWT to Oathkeeper, unfortunately it fails, due to the following:
ERRO[2020-12-10T12:13:48Z] Unable to fetch JSON Web Key Set from remote audience=application error=map[debug: message:An internal server error occurred, please contact the system administrator reason:Unable to fetch JSON Web Keys from location "https://example.com/jwks" because "Get "https://example.com/jwks": x509: certificate signed by unknown authority". status:Internal Server Error status_code:500] reason=Unable to fetch JSON Web Keys from location "https://example.com/jwks" because "Get "https://example.com/jwks": x509: certificate signed by unknown authority". service_name=ORY Oathkeeper service_version=v0.38.4-beta.1 stack=rid=
error=An internal server error occurred, please contact the system administrator
reason=Unable to fetch JSON Web Keys from location "https://example.com/jwks" because "Get "https://example.com/jwks": x509: certificate signed by unknown authority".
I’ve replace the domain in this code, but that shouldn’t matter. What matters is, that the certificate cannot be verified. Probably because golang:alpine images do not contain ca-certificates by default.
Important to note: the jwks URI is publicly accessible over the internet.
How can I circumvent this?