Is there a way to turn off certificate verification for S3 backend

2,878 views
Skip to first unread message

Sean O'Reilly

unread,
Apr 19, 2017, 6:18:59 AM4/19/17
to Terraform
Hi

Due to our corporate proxy I am getting the following error:

Failed to load backend:
Error configuring backend "s3": RequestError: send request failed
caused by: Post https://sts.amazonaws.com/: x509: certificate signed by unknown authority

Please update the configuration in your terraform files to fix this error.
If you'd like to update the configuration interactively without storing
the values in your configuration, run "terraform init".

Is there a way to turn off certificate verification for backends?

Cheers

Sean

Phil S

unread,
May 21, 2017, 1:16:51 AM5/21/17
to Terraform
My guess is your corporate proxy is doing SSL interception, and so is re-signing with your organisation's key.

If you have your company proxy's Certificate Authority imported into your server, it should trust it and avoid the error - this is the cleanest solution.  If you turn off cert verification, you're lowering your security as that means anyone could impersonate the host (not just your corp proxy).

Phil

Sean O'Reilly

unread,
May 21, 2017, 2:31:24 AM5/21/17
to Terraform

Hi Phil

That is indeed the case. I have all certificates imported and still seeing the issue. I have bypassed the SSL interception for the endpoint for now, but will work on a more permanent solution.


--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/terraform/issues
IRC: #terraform-tool on Freenode
---
You received this message because you are subscribed to a topic in the Google Groups "Terraform" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/terraform-tool/_HspA213SQE/unsubscribe.
To unsubscribe from this group and all its topics, send an email to terraform-too...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/f231a484-fed2-4e2d-a2c4-db60e1a08986%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

thirstyd...@gmail.com

unread,
May 22, 2017, 5:57:48 AM5/22/17
to Terraform
I also have problems with the s3 backend due to my workplace's environment. They emerged due to a refactor of the s3 backend in 0.9.3

I submitted pull request 14096 to address but it's awaiting review. Maybe it will help you as well?
Reply all
Reply to author
Forward
0 new messages