Error making GET request - TLS: failed to verify certificate: x509: certificate signed by unknown authority #5543

@mick-huska

Description

We are unable to make a secure connection to our on-premise Secret Server.
The error log from the external-secrets pod is:

Error making GET request: Get "<secret server url>": tls: failed to verify certificate: x509: certificate signed by unknown authority

It appears some providers have a CAprovider or CAbundle option, while Secret Server does not.

To Reproduce
Steps to reproduce the behavior:

  1. provide all relevant manifests
apiVersion: external-secrets.io/v1
kind: SecretStore
metadata:
  name: secret-server-store
spec:
  provider:
    secretserver:
      serverURL: "URL removed"
      username:
        value: "externalsecrets"
      password:
        secretRef:
          name: external-secrets-pw
          key: password
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
    name: secret-server-external-devdba
spec:
    refreshInterval: 1h
    secretStoreRef:
        kind: SecretStore
        name: secret-server-store
    data:
      - secretKey: SecretServerValue 
        remoteRef:
          key: "key removed" 
          property: 
  2. Versions:
    ESO: oci.external-secrets.io/external-secrets/external-secrets:v0.20.4
    Kubernetes Version: v1.31.12 +rke2r1

Expected behavior
Secrets returned from Secret Server provider through ESO, without a TLS error.
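
What the reported error means on the client side, as an added example (not code from this issue or from External Secrets Operator): Go's x509 verification rejects a server certificate issued by a private CA until that CA is in the client's root pool, which is what a CA bundle setting supplies. The CA, the hostname and the helper names `issue`, `verifyBoth` and `isUnknownAuthority` are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// issue creates a constructed certificate for cn: a self-signed root CA when parent is nil, else a server certificate.
func issue(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, DNSNames: []string{cn}, BasicConstraintsValid: true,
	}
	if parent == nil { // root CA: signs itself and may sign other certificates
		tpl.IsCA, tpl.KeyUsage, tpl.DNSNames = true, x509.KeyUsageCertSign, nil
		parent, parentKey = tpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// verifyBoth validates one server certificate against two trust pools.
func verifyBoth() (withoutCA, withCA error) {
	const host = "secretserver.example.internal" // constructed hostname
	ca, caKey := issue("Constructed Private CA", nil, nil)
	leaf, _ := issue(host, ca, caKey)
	defaultRoots, bundled := x509.NewCertPool(), x509.NewCertPool() // defaultRoots lacks the private CA
	bundled.AddCert(ca) // what a CA bundle setting would add to the client's roots
	_, withoutCA = leaf.Verify(x509.VerifyOptions{Roots: defaultRoots, DNSName: host})
	_, withCA = leaf.Verify(x509.VerifyOptions{Roots: bundled, DNSName: host})
	return
}

func isUnknownAuthority(err error) bool { return errors.As(err, new(x509.UnknownAuthorityError)) }

func main() { fmt.Println(verifyBoth()) }
```

The first result is the same `x509: certificate signed by unknown authority` failure shown in the pod log; the second is nil because the issuing CA is trusted and hostname checking stays on.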
