Spring Boot: 2.6.2, Spring Cloud: 2021.0.0

I'm trying to set up a Spring Cloud Config Server with Vault backend. Vault runs on TLS. When I make a call to the config server (http://localhost:8888/application/profile), I get the following error: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. If I uncomment the spring.cloud.config.server.vault.skip-ssl-validation=true property, then everything works.

With the exact same settings I can connect to Vault using the spring-cloud-starter-vault-config dependency. I included vault config in the reproducer for clarity.

Am I doing something wrong or is this a bug in Spring Cloud Config Server?

Here's the minimal reproducer.

Comment From: ryanjbaxter

Sounds like vault is using an untrusted ssl certificate

Comment From: nkvaratskhelia

Vault is using a self-signed certificate.

Comment From: ryanjbaxter

Right so the http client used by the config server does not trust it hence the exception. The ssl certificate needs to be trusted or installed in the jvm (or you can use the property)

Comment From: nkvaratskhelia

Isn't the spring.cloud.config.server.vault.ssl.trust-store property supposed to do just that? You pass it a truststore containing certificates against which Vault's certificate is compared. At least that's how the spring.cloud.vault.ssl.trust-store property works when connecting to Vault with spring-cloud-starter-vault-config.

Comment From: ryanjbaxter

Seems like it should yes. But then again it depends where that exception is originating from. Do you have the whole stacktrace?

Comment From: nkvaratskhelia

Yep, here's the stacktrace: stacktrace.txt

Comment From: ryanjbaxter

Interesting it does look like the request is originating from the vault environment repository so you would think it would be using those settings, we would have to take a look

Comment From: ryanjbaxter

I tried to access your demo repo but it doesn't seem to exist anymore, can you please provide a sample repo?

Comment From: spring-cloud-issues

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.

Comment From: spring-cloud-issues

Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.