When an Xray instance/node is configured to go through an SSL proxy which uses a self-signed certificate, you might encounter the following issue when performing tasks such as an online DB sync:
2021-07-20T14:47:47.500Z [33m[jfxr ][0m [1m[31m[ERROR][0m [c080f44e606d159 ] [samplers:91 ] [main ] Failed to read response from jxrayUrl. Error: Get "https://jxray.jfrog.io/api/v1/system/ping": x509: certificate signed by unknown authority
To overcome this issue, you’ll need to import the Proxy certificate into each Xray instance/pod by placing it under the following path within the Xray machine/container/pods:
/etc/ssl/certs/
Followed by restarting Xray.
The above path is the default directory used by Go applications (such as Xray) when importing SSL certificates.
Published: Aug. 02, 2021
Last updated: Aug 02, 2021
Keywords: Proxy, DB sync, x509, Self-signed certificates