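I'm having an issue getting OIDC working with a private CA. I think this is a matter of getting the CA path in the right location, but I can't figure out where to define the CA chain. The Kibana log shows the TLS verification error below, followed by the exception thrown by the security plugin's OpenID code: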
{"type":"error","@timestamp":"2019-04-04T15:24:48Z","tags":["error","openid"],"pid":1,"level":"error","error":{"message":"Client request error: unable to verify the first certificate","name":"Error","stack":"Error: unable to verify the first certificate\n at TLSSocket.<anonymous> (_tls_wrap.js:1116:38)\n at emitNone (events.js:106:13)\n at TLSSocket.emit (events.js:208:7)\n at TLSSocket._finishInit (_tls_wrap.js:643:8)\n at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:473:38)","code":"UNABLE_TO_VERIFY_LEAF_SIGNATURE"},"message":"Client request error: unable to verify the first certificate"}
/usr/share/kibana/plugins/opendistro_security/lib/auth/types/openid/OpenId.js:151
throw new Error('Failed when trying to obtain the endpoints from your IdP');
^
Error: Failed when trying to obtain the endpoints from your IdP
at Wreck.get (/usr/share/kibana/plugins/opendistro_security/lib/auth/types/openid/OpenId.js:134:23)
at request (/usr/share/kibana/plugins/opendistro_security/node_modules/wreck/lib/index.js:518:20)
at finish (/usr/share/kibana/plugins/opendistro_security/node_modules/wreck/lib/index.js:229:20)
at wrapped (/usr/share/kibana/plugins/opendistro_security/node_modules/hoek/lib/index.js:879:20)
at ClientRequest.onError (/usr/share/kibana/plugins/opendistro_security/node_modules/wreck/lib/index.js:166:16)
at Object.onceWrapper (events.js:315:30)
at emitOne (events.js:116:13)
at ClientRequest.emit (events.js:211:7)
at TLSSocket.socketErrorListener (_http_client.js:401:9)
at emitOne (events.js:116:13)
at TLSSocket.emit (events.js:211:7)
at emitErrorNT (internal/streams/destroy.js:66:8)
at _combinedTickCallback (internal/process/next_tick.js:139:11)
at process._tickCallback (internal/process/next_tick.js:181:9)