thanks for the reminder that i could install my CA cert on the espocrm server.. i'll try that. -- i'm running the docker image on kubernetes, but i should be able to manage getting the cert into it.
and yes . i worked around it by putting my webhook target on http and that worked fine ..
Allow webhook calls to listeneres with self-signed SSL certificates
Collapse
X
-
If its internal use http or better install Public key CA to your (target) system and Espo.
Example for Debian:
Copy your ca file (e.g. myca.crt) to /usr/local/share/ca-certificates/
From console use command "update-ca-certificates". The output should be "1 added".
For Windows import to root CA's.Leave a comment:
-
Allow webhook calls to listeneres with self-signed SSL certificates
When creating the webhook destination, allow the admin to set a flag so that the Certificate of the peer (the listener) is not verified.
This would allow self-signed certs to be used on the listener stack. (possibly because its self-hosted on a network that is not exposed to the outside world).
As yuri pointed out in my post asking if this is possible, the verification of the peer cert is hard-coded to true.
(post: https://forum.espocrm.com/forum/inst...sl-certificate)
It calls CURL: https://github.com/espocrm/espocrm/b...Sender.php#L90
the feature request is to add an option at webhook creation, that then controls the ssl peer cert validation flag in the curl call.
thanks!Tags: None
Leave a comment: