Introduction
An SSL error is encountered in Xray when running JAS scan:
This error can be seen in xray-contextual-analysis.log and xray-exposures.log, indicating an inability to connect to Artifactory.
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain
Root Cause
The root cause of this issue is that Xray fails to verify the self-signed certificate when accessing myartifactory.com:443. The absence of the CA certificate leads to the failure of the SSL connection, resulting in connectivity issues.
Resolution
Modify Xray Configuration
Reference the custom certificate by modifying the configuration and restarting Xray:
$ openssl s_client -connect myartifactory.com:443 -showcerts < /dev/null > /opt/jfrog/xray/var/etc/security/keys/trusted/myart.pem
$ vim /opt/jfrog/xray/var/etc/system.yaml
executionService:
platformCertificatePath: "/opt/jfrog/xray/var/etc/security/keys/trusted/myart.pem"
Restart the K3s cluster.
References:
https://jfrog.com/help/r/jfrog-installation-setup-documentation/xray-system-yaml
https://jfrog.com/help/r/jfrog-installation-setup-documentation/configure-jas-for-self-signed-non-helm-installation