frogbot icon indicating copy to clipboard operation
frogbot copied to clipboard
verified publisher icon jfrog

How do I configure self signed certs with frogbot

Open joergsesterhenn opened this issue 5 months ago • 1 comments

I need to run frogbot in a self hosted gitlab against a self hosted xray installation that uses self-signed certificates.

I followed the instructions here https://jfrog.com/help/r/jfrog-security-user-guide/shift-left-on-security/frogbot/installation/gitlab-ci

However I get this warning when I run the gitlab pipeline:

...
Frogbot downloaded successfully!

08:40:16 [Info] Frogbot version: 2.27.3

08:40:16 [Warn] (Attempt 1) - Failure occurred while sending GET request to https://myserver/xray/api/v1/system/version: Get "https://myserver/xray/api/v1/system/version": tls: failed to verify certificate: x509: certificate signed by unknown authority

08:40:16 [Warn] (Attempt 2) - Failure occurred while sending GET request to https://myserver/xray/api/v1/system/version: Get "https://myserver/xray/api/v1/system/version": tls: failed to verify certificate: x509: certificate signed by unknown authority

08:40:16 [Warn] (Attempt 3) - Failure occurred while sending GET request to https://myserver/xray/api/v1/system/version: Get "https://myserver/xray/api/v1/system/version": tls: failed to verify certificate: x509: certificate signed by unknown authority

08:40:16 [Warn] (Attempt 4) - Failure occurred while sending GET request to https://myserver/xray/api/v1/system/version: Get "https://myserver/xray/api/v1/system/version": tls: failed to verify certificate: x509: certificate signed by unknown authority

08:40:16 [Info] executor timeout after 3 attempts with 0 milliseconds wait intervals

08:40:16 [Error] failed while attempting to get JFrog Xray version: Get "https://myserver/xray/api/v1/system/version": tls: failed to verify certificate: x509: certificate signed by unknown authority
...

How to I configure self signed certs with frogbot.

I already tried putting the certs in .jfrog/security/cert as well as setting SSL_CERT_DIR to that directory. Please provide a working example of a gitlab config that uses self-signed certs.

-- I additionally created Ticket 370760 with JFrog support.

joergsesterhenn avatar Sep 05 '25 11:09 joergsesterhenn

Hello,

I was in the same situation and to overcome this problem i had to build another docker with the .crt already in it in /etc/ssl/certs.

I also directly put the frogbot in it.

An --tls-insure option would be cool.

fwernert avatar Sep 29 '25 19:09 fwernert