I added a self-signed certificate to NATS and Resgate, but Resgate writes to me “Failed to start server: x509: certificate signed by unknown authority.”
Tell me how you add certificates for local development.
Hi! And welcome to the forum!
Sorry for the delayed response. I failed to notice that the Discourse forum had erroneously flagged your post as needing approval. Strange.
What did you do to get the error? I just tried with a self-signed cert (using this page as a reference on how to generate the cert), and it worked fine:
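```
# Private key: RSA, 2048 bits ...
openssl genrsa -out server.key 2048
# ... or ECDSA on secp384r1 (this overwrites the RSA key written above)
openssl ecparam -genkey -name secp384r1 -out server.key
# Self-signed certificate for that key, valid for 3650 days
openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650
# Start Resgate with TLS enabled, using the certificate and key
resgate --tls --tlscert server.crt --tlskey server.key
```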
Or did you use the certificate on nats-server, so that you got the error when resgate tried to connect to NATS?
Maybe this page would help: NATS Docs - Enabling TLS
Best regards,
Samuel
Were you able to find a solution for this? I’m facing the same issue.
Thanks
Hi Samuel,
I’m trying to get resgate going in a K8s cluster, and I’m getting the same error, “certificate signed by unknown authority” when it tries to connect to NATS.
I’ve looked at Enabling TLS - NATS Docs, and where I’m stuck is trying to configure resgate to recognize and trust the local CA I have set up.
I see that the container is based on the “scratch” image, so I’m not sure if we need to build our own container to inject the certs or if there is an easier way.
Thanks!
edit: figured it out, just needed to put it in etc/ssl/certs
Great!
Sorry for the delay. As I said in another post, I’ve been busy with the release deadline of a project I’ve been working on. But now it is completed, and I am back to work fully on Resgate again.
Yes, I haven’t included certs in the Resgate docker build, as they are only needed if Resgate wants to make an outgoing HTTPS connection (AFAIK). Which it doesn’t need to do.
Glad you got it to work!
Best regards,
Samuel