Problem with TLS certificate signed by unknown authority using hydra-client-go

I followed the tutorials in the docs and created a docker instance of Hydra. Using the docker commands I can create a client and do all the stuff that I am supposed to do.

In order to use HTTPS I created my own certificates and it worked so far.

However, now I try to use the Go client, where I get the error

panic: Get "https://localhost:9000/health/alive": x509: certificate signed by unknown authority

after trying out both

package main

import (
	"context"
	"crypto/tls"
	"log"
	"net/http"
	"net/url"

	"github.com/ory/hydra-client-go/client"
	client_admin "github.com/ory/hydra-client-go/client/admin"
	client_public "github.com/ory/hydra-client-go/client/public"
	"github.com/ory/hydra-client-go/models"
	"golang.org/x/oauth2"

)

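// main builds a Hydra admin API client for https://localhost:9001, runs the
// IsInstanceAlive health check and logs the result.
//
// Nothing in this function supplies a custom *http.Client or tls.Config, so
// the request presumably goes out with Go's default certificate verification
// against the system trust store. A server certificate issued by a private CA
// that is not in that store is then rejected with
// "x509: certificate signed by unknown authority".
func main() {
	// The URL is a constant, but the parse error is still checked so that a
	// later edit to the string fails here and not with a nil dereference below.
	adminURL, err := url.Parse("https://localhost:9001")
	if err != nil {
		panic(err)
	}

	c := client.NewHTTPClientWithConfig(nil, &client.TransportConfig{
		Schemes:  []string{adminURL.Scheme},
		Host:     adminURL.Host,
		BasePath: adminURL.Path,
	})

	ok, err := c.Admin.IsInstanceAlive(client_admin.NewIsInstanceAliveParams())
	if err != nil {
		panic(err)
	}
	log.Println(ok)
}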

and

package main

import (
	"context"
	"crypto/tls"
	"log"
	"net/http"
	"net/url"

	"github.com/ory/hydra-client-go/client"
	client_admin "github.com/ory/hydra-client-go/client/admin"
	client_public "github.com/ory/hydra-client-go/client/public"
	"github.com/ory/hydra-client-go/models"
	"golang.org/x/oauth2"

)

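// main runs the IsInstanceAlive health check against the Hydra admin API at
// https://localhost:9001 with an HTTP client that skips TLS certificate
// verification, and logs the result.
//
// The HTTP client is attached to the health-check request itself. Storing it
// in a context under the oauth2.HTTPClient key and passing that context to a
// different request (UpdateOAuth2Client) never reached IsInstanceAlive, which
// kept using default verification; that key is presumably only consulted by
// the golang.org/x/oauth2 package. The stray UpdateOAuth2Client call, which
// carried no client ID or body and ignored its result, is dropped.
//
// This function no longer references the context and oauth2 packages; remove
// those imports if nothing else in the file uses them.
func main() {
	adminURL, err := url.Parse("https://localhost:9001")
	if err != nil {
		panic(err)
	}

	c := client.NewHTTPClientWithConfig(nil, &client.TransportConfig{
		Schemes:  []string{adminURL.Scheme},
		Host:     adminURL.Host,
		BasePath: adminURL.Path,
	})

	// InsecureSkipVerify turns off certificate chain and host name checks, so
	// the server is no longer authenticated and any certificate is accepted.
	// Keep it to local development. To leave verification on with a private
	// CA, load the CA certificate into tls.Config.RootCAs instead.
	insecureClient := &http.Client{
		Transport: &http.Transport{
			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
		},
	}

	// The per-request HTTP client overrides the transport's default client
	// for this call only.
	isInstanceAliveParams := client_admin.NewIsInstanceAliveParamsWithHTTPClient(insecureClient)

	ok, err := c.Admin.IsInstanceAlive(isInstanceAliveParams)
	if err != nil {
		panic(err)
	}
	log.Println(ok)
}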

In the second version I tried my own way of bypassing the check by setting InsecureSkipVerify to true. I am not sure, however, whether the way I did it is correct. Anyway, I wasn’t able to solve the problem.

I didn’t find anything in the docs regarding this problem specifically, since, as I understand it, it is purely a Go client issue.

Any ideas?

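// HTTP client that skips TLS certificate verification. With
// InsecureSkipVerify set, the server is not authenticated and any certificate
// is accepted, so keep this to local development. To leave verification on
// with a self-made CA, load the CA certificate into tls.Config.RootCAs
// instead.
skipTlsClient := &http.Client{
	Transport: &http.Transport{
		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
	},
	// http.Client.Timeout is a time.Duration counted in nanoseconds, so a
	// bare 10 would mean 10 ns. 10e9 is 10 s, presumably the intended value;
	// with the "time" package imported, write 10 * time.Second.
	Timeout: 10e9,
}

// The client is handed to the transport at construction, so requests sent
// through this transport use skipTlsClient.
transport := httptransport.NewWithClient("127.0.0.1:4444", "/", []string{"https"}, skipTlsClient)
hydra := client.New(transport, nil)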

:slight_smile:

Thank you very much for the quick response!!! This is much easier than what I tried to do :smiley: And more successful as well haha