fix: console should trust itself with its own public.crt (#827)

2021-06-21 18:15:57 -07:00
parent b10c4f51b1
commit fd86e65e5e
2 changed files with 4 additions and 5 deletions
--- a/pkg/certs/certs.go
+++ b/pkg/certs/certs.go
@@ -325,5 +325,9 @@ func GetAllCertificatesAndCAs() (*x509.CertPool, []*x509.Certificate, *xcerts.Ma
 	if rootCAs == nil {
 		rootCAs = &x509.CertPool{}
 	}
+	// Add the public crts as part of root CAs to trust self.
+	for _, publicCrt := range publicCerts {
+		rootCAs.AddCert(publicCrt)
+	}
 	return rootCAs, publicCerts, certsManager, nil
 }
--- a/restapi/configure_console.go
+++ b/restapi/configure_console.go
@@ -147,11 +147,6 @@ func configureAPI(api *operations.ConsoleAPI) http.Handler {

 // The TLS configuration before HTTPS server starts.
 func configureTLS(tlsConfig *tls.Config) {
-	// Add the global public crts as part of global root CAs
-	for _, publicCrt := range GlobalPublicCerts {
-		GlobalRootCAs.AddCert(publicCrt)
-	}
-
 	tlsConfig.RootCAs = GlobalRootCAs
 	tlsConfig.GetCertificate = GlobalTLSCertsManager.GetCertificate
 }