# Tauri with self-signed certificates?

ocean jungle
#

My Tauri app runs inside an internal network of mine, which uses all self-signed certificates.

My Tauri app also gets some resources from an API that is inside this network and therefore technically doesn't need the certificate.

Now the issue is that Tauri, as far as I am aware, can't work in an "ignore certificate issues" mode? Is that correct? Do you know some workarounds?

steep lark
#

I see a similar issue but unfortunately haven't found a solution yet.

I added the CA cert to my system's cert store. Now I get some steps further, but I'm stuck now at a TLS error in the console complaining about 'unable to get issuer certificate'...

ocean jungle
steep lark
#

Ignoring would be OK for me too, as it's an internal network

ocean jungle
#

but Tauri can't ignore it?

steep lark
#

Didn't find a way yet

ocean jungle
#

I read a few GitHub issues from last year saying that WebKit doesn't support it yet and therefore they can't do much other than wait

#

but there was never any follow up

steep lark
#

What functions are you using to fetch your API? I'm on the tauri.http module now... Maybe there's something to configure I haven't found yet

ocean jungle
#

I have an Angular app with axios

steep lark
#

Ah, ok

#

So looks like the issue is tech independent

ocean jungle
#

I did have it working once with a workaround of building my own HTTP client in rust, but that solution is bad in my case, doesn't scale much

#

I can share that later if you want

steep lark
#

Nice solution but sounds like a hack

ocean jungle
#

it is

#

that's why I don't want to put it into production

#

You would have to constantly check it and see if it works or not and implement every detail of the HTTP request/response that you need

#

needs a lot of insights and time

bitter hemlock
#

Sadly I think you might have already found the answer. If the webview doesn't support it then we can't do much about it. You can, as per your workaround, do things with Rust differently. It should be pretty easy to just use e.g. reqwest for it. Or the http module in the Tauri API might even fit the bill: https://tauri.app/v1/api/js/http

Access the HTTP client written in Rust.

steep lark
#

Tauri's http module ends in my TLS error. Is there something I'm missing in configuration?

ocean jungle
bitter hemlock
#

Could be scope related https://tauri.app/v1/api/js/http/#security
But I'm not sure, I don't use the module enough to know if it can ignore certificates. We might have to add an option for it

But reqwest is at least an option, shouldn't be THAT hard to make just a single command you can reuse everywhere similar to the http module

devout berry
#

in my opinion internal services shouldn't exist anymore in 2023

#

everything should be accessible from everywhere (with auth/log/audit btw)

bitter hemlock
devout berry
bitter hemlock
# devout berry it's the myth of the fortress

That's mostly related to people thinking "as long as it's internal we don't need to think about security", that's where the whole self-signed certificates part comes in. Making it harder to reach the internal network and communicating internally still makes things safer and harder to hack, it just isn't the only protection you need, which is why you should use https for example and not http even in an internal network, like these guys are doing 🙂

#

Your network is a fortress, it just happens to be a fortress built in Westeros where all resources need to be careful with who they trust

devout berry