Trusting self-signed certificate in development


#1

I am trying to connect to a resource server using Oathkeeper in Docker for Windows and, since I am still in my development setup, I am using self-signed certificates. So far, I have successfully managed to hit the resource server, but Oathkeeper keeps complaining about the server certificate being signed by an unknown authority. The log message is the following:

time="2019-04-18T15:43:38Z" level=warning msg="Access request denied because roundtrip failed" error="x509: certificate signed by unknown authority" granted=false
2019/04/18 15:43:38 http: proxy error: x509: certificate signed by unknown authority

How can I indicate Oathkeeper (or Docker) to trust my certificates (or to skip validation)? I know in Hydra you can simply use the --skip-tls-verify flag, but I cannot find a similar alternative in Oathkeeper.

Any help would be greatly appreciated.


#2

Hi! Sorry, I completely missed this - would you be open to opening an issue on GH for this? Thank you!