I’m having a problem getting signed certs to work when using the -c option with the quickstart script.
The config and certs are all created on the server and everything seems fine, however I cannot connect to the api using the balena-cli from a remote ubuntu machine.
I keep getting the following error:
UNABLE_TO_GET_ISSUER_CERT_LOCALLY: request to https://api.prod.xxxxx.xx/login_ failed, reason: unable to get local issuer certificate
In the quickstart guide it only mentions self-signed certs i.e. running quickstart without the -c option and this works fine for me. After the cert are created I downloaded the generated ca.crt to the client machines and set the NODE_EXTRA_CA_CERTS env variable.
I have tried the same process after the signed certs are created but I get the error listed above. I think its because I need the CA Bundle on the client machine rather than just the ca.crt but I don’t see this on the server anywhere.
Do you have any documentation on the process for suing signed certs or can you provide the steps required to allow the balena-cli on a remote machine to connect using signed certs?