traefik's tls: client didn't provide a certificate when accessing https endpoint





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}







0















Here's my configuration



[entryPoints]

  [entryPoints.http]

  address = ":801"



  [entryPoints.https]

  address = ":802"

  [entryPoints.https.tls]

    [entryPoints.https.tls.ClientCA]

      files = ["/etc/ssl/comodo/bundle.crt"]



      [[entryPoints.https.tls.certificates]]

        certFile = "/etc/ssl/comodo/www.crt"

        keyFile = "/etc/ssl/comodo/www.key"



[frontends]

    [frontends.http] # default

      entryPoints = ["http", "https"]

      backend = "fallback"

      passHostHeader = true


Now I'm trying to access https://mydomain:802 and I get following error in traefik debug output
http: TLS handshake error from 111.111.111.111:64463: tls: client didn't provide a certificate



curl error message
error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate



I can't figure out what I'm doing wrong.






https traefik







share|improve this question





























    0















    Here's my configuration



    [entryPoints]
    
  [entryPoints.http]
    
  address = ":801"
    

    
  [entryPoints.https]
    
  address = ":802"
    
  [entryPoints.https.tls]
    
    [entryPoints.https.tls.ClientCA]
    
      files = ["/etc/ssl/comodo/bundle.crt"]
    

    
      [[entryPoints.https.tls.certificates]]
    
        certFile = "/etc/ssl/comodo/www.crt"
    
        keyFile = "/etc/ssl/comodo/www.key"
    

    
[frontends]
    
    [frontends.http] # default
    
      entryPoints = ["http", "https"]
    
      backend = "fallback"
    
      passHostHeader = true


    Now I'm trying to access https://mydomain:802 and I get following error in traefik debug output
    http: TLS handshake error from 111.111.111.111:64463: tls: client didn't provide a certificate



    curl error message
    error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate



    I can't figure out what I'm doing wrong.






    https traefik







    share|improve this question

























      0












      0








      0








      Here's my configuration



      [entryPoints]
      
  [entryPoints.http]
      
  address = ":801"
      

      
  [entryPoints.https]
      
  address = ":802"
      
  [entryPoints.https.tls]
      
    [entryPoints.https.tls.ClientCA]
      
      files = ["/etc/ssl/comodo/bundle.crt"]
      

      
      [[entryPoints.https.tls.certificates]]
      
        certFile = "/etc/ssl/comodo/www.crt"
      
        keyFile = "/etc/ssl/comodo/www.key"
      

      
[frontends]
      
    [frontends.http] # default
      
      entryPoints = ["http", "https"]
      
      backend = "fallback"
      
      passHostHeader = true


      Now I'm trying to access https://mydomain:802 and I get following error in traefik debug output
      http: TLS handshake error from 111.111.111.111:64463: tls: client didn't provide a certificate



      curl error message
      error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate



      I can't figure out what I'm doing wrong.






      https traefik







      share|improve this question














      Here's my configuration



      [entryPoints]
      
  [entryPoints.http]
      
  address = ":801"
      

      
  [entryPoints.https]
      
  address = ":802"
      
  [entryPoints.https.tls]
      
    [entryPoints.https.tls.ClientCA]
      
      files = ["/etc/ssl/comodo/bundle.crt"]
      

      
      [[entryPoints.https.tls.certificates]]
      
        certFile = "/etc/ssl/comodo/www.crt"
      
        keyFile = "/etc/ssl/comodo/www.key"
      

      
[frontends]
      
    [frontends.http] # default
      
      entryPoints = ["http", "https"]
      
      backend = "fallback"
      
      passHostHeader = true


      Now I'm trying to access https://mydomain:802 and I get following error in traefik debug output
      http: TLS handshake error from 111.111.111.111:64463: tls: client didn't provide a certificate



      curl error message
      error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate



      I can't figure out what I'm doing wrong.






      https traefik




      https traefik






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Jan 3 at 22:28









      MikeMike

      487420




      487420
























          1 Answer
          1






          active

          oldest

          votes


















          0














          Why would you want to use Mutual authentication (two-way handshake)? For normal SSL connections your server certificates are enough.



          In your traefik.toml you're configuring Mutual authentication. If you realls want so, you have to provide the certificate within your curl request:



          curl --cert client.pem:<password> --key key.pem --cacert ca.pem


          If you only want to provide "normal" SSL, you should delete following lines:



              [entryPoints.https.tls.ClientCA]
          
      files = ["/etc/ssl/comodo/bundle.crt"]





          share|improve this answer
























            Your Answer






            StackExchange.ifUsing("editor", function () {
            StackExchange.using("externalEditor", function () {
            StackExchange.using("snippets", function () {
            StackExchange.snippets.init();
            });
            });
            }, "code-snippets");

            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "1"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54030682%2ftraefiks-tls-client-didnt-provide-a-certificate-when-accessing-https-endpoint%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            Why would you want to use Mutual authentication (two-way handshake)? For normal SSL connections your server certificates are enough.



            In your traefik.toml you're configuring Mutual authentication. If you realls want so, you have to provide the certificate within your curl request:



            curl --cert client.pem:<password> --key key.pem --cacert ca.pem


            If you only want to provide "normal" SSL, you should delete following lines:



                [entryPoints.https.tls.ClientCA]
            
      files = ["/etc/ssl/comodo/bundle.crt"]





            share|improve this answer




























              0














              Why would you want to use Mutual authentication (two-way handshake)? For normal SSL connections your server certificates are enough.



              In your traefik.toml you're configuring Mutual authentication. If you realls want so, you have to provide the certificate within your curl request:



              curl --cert client.pem:<password> --key key.pem --cacert ca.pem


              If you only want to provide "normal" SSL, you should delete following lines:



                  [entryPoints.https.tls.ClientCA]
              
      files = ["/etc/ssl/comodo/bundle.crt"]





              share|improve this answer


























                0












                0








                0







                Why would you want to use Mutual authentication (two-way handshake)? For normal SSL connections your server certificates are enough.



                In your traefik.toml you're configuring Mutual authentication. If you realls want so, you have to provide the certificate within your curl request:



                curl --cert client.pem:<password> --key key.pem --cacert ca.pem


                If you only want to provide "normal" SSL, you should delete following lines:



                    [entryPoints.https.tls.ClientCA]
                
      files = ["/etc/ssl/comodo/bundle.crt"]





                share|improve this answer













                Why would you want to use Mutual authentication (two-way handshake)? For normal SSL connections your server certificates are enough.



                In your traefik.toml you're configuring Mutual authentication. If you realls want so, you have to provide the certificate within your curl request:



                curl --cert client.pem:<password> --key key.pem --cacert ca.pem


                If you only want to provide "normal" SSL, you should delete following lines:



                    [entryPoints.https.tls.ClientCA]
                
      files = ["/etc/ssl/comodo/bundle.crt"]






                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Jan 15 at 17:04









                R. MoserR. Moser

                64




                64
































                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Stack Overflow!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54030682%2ftraefiks-tls-client-didnt-provide-a-certificate-when-accessing-https-endpoint%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    -

                    Popular posts from this blog

                    Mossoró

                    Image
                      Nota: Para outros significados, veja Mossoró (desambiguação). Município de Mossoró "Capital do Oeste Potiguar" [ 1 ] "Capital nacional do Semiárido" [ 2 ] [ 3 ] "Capital Cultural do Rio Grande do Norte" [ 1 ] "Terra de Santa Luzia" [ 4 ] "Terra do Sol, do Sal e do Petróleo" [ 5 ] "Terra da Liberdade [ 6 ] " Centro de Mossoró, com a Praça Vigário Antônio Joaquim e, ao fundo, a câmara municipal de vereadores (esquerda) e Catedral de Santa Luzia (direita) Bandeira Brasão Hino Fundação 15 de março de 1852 (166 anos) Gentílico mossoroense Padroeiro(a) Santa Luzia Prefeito(a) Rosalba Ciarlini Rosado (PP) (2017 – 2020 ) Localização Localização de Mossoró no Rio Grande do Norte Mossoró Localização de Mossoró no Brasil 05° 11' 16" S 37° 20' 38" O 05° 11' 16" S 37° 20' 38" O Unidade federativa Rio Grande do No...
                    Read more

                    Error while reading .h5 file using the rhdf5 package in R

                    Image
                    0 I'm importing a .h5 file into R by using the rhdf5 package. But a warning message showed and I found the DATE_TIME column of my data is NA when I view the imported file. Warning message: In H5Dread(h5dataset = h5dataset, h5spaceFile = h5spaceFile, h5spaceMem = h5spaceMem, : h5read for type 'TIME' not yet implemented. Values replaced by NA's. It's all normal when I use Vitables (Python) to open the .h5 file. But the DATE_TIME column is NA with HDFViewer open it. My code is: library(rhdf5) test <- h5read("mytestdata.h5", "/results") View(mydatatest) I want to use R to open .h5 file. Please give me some help! Thanks in advance! r hdf5 rhdf5 ...
                    Read more

                    Pushsharp Apns notification error: 'InvalidToken'

                    Image
                    1 1 I am currently working on automatic updates for Passbook (wallet) tickets and am experiencing some trouble using the Pushsharp library by Redth. I am using a Push notification certificate from the apple developer portal. I have tried to export my certificate as .p12, .pem and tried to use only the private key as .12 or .pem but nothing works. This is my full certificate (information is blanked out for security reasons): https://cdn.pbrd.co/images/HUJtb7b.png I dont have enough reputation to post images so a link is all i can provide. var succeeded = 0; var failed = 0; var attempted = 0; var config = new ApnsConfiguration(ApnsConfiguration.ApnsServerEnvironment.Sandbox, ConfigManager.CertPath + "PushCertificateV2.p12", ConfigManager.lvppass, fa...
                    Read more