Who has encountered this problem? -> The remote certificate is invalid because of errors in the certificate chain: PartialChain

[liujian1368928]

question：
This should not be a problem with ocelot, I want to know who has encountered this problem, I can not find the corresponding information in our forum, has anyone encountered this problem, I have ssl certificate and configuration, but there will be problems here in ocleot, and other places are normal

ERROR

TEXT

requestId: 0HN5IQBMV7CUA:00000001, previousRequestId: No PreviousRequestId, message: 'Error Code: ConnectionToDownstreamServiceError Message: Error connecting to downstream service, exception: System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
       ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: PartialChain
         at System.Net.Security.SslStream.SendAuthResetSignal(ReadOnlySpan`1 alert, ExceptionDispatchInfo exception)
         at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions)
         at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](Boolean receiveFirst, Byte[] reAuthenticationData, CancellationToken cancellationToken)
         at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)

ocelot.json

        {
          "Routes": [
            {
              "DownstreamPathTemplate": "/order/{url}", // {matchall}
              "DownstreamScheme": "https",
              "UpstreamPathTemplate": "/orders/{url}",
              "UpstreamHttpMethod": [ "Get", "Post" ],
              "ServiceName": "OrderService",
              "UseServiceDiscovery": true,

              "LoadBalancerOptions": {
                "Type": "RoundRobin"
              },
              "FileCacheOptions": {
                "TtlSeconds": 3,
                "Region": "order"
              },
              "RateLimitOptions": {
                "ClientWhitelist": [],
                "EnableRateLimiting": true,
                "Period": "1s",
                "PeriodTimespan": 1,
                "Limit": 1
              },
              "QoSOptions": {
                "ExceptionsAllowedBeforeBreaking": 1,
                "DurationOfBreak": 3000,
                "TimeoutValue": 5000
              }
            }
          ],
          "GlobalConfiguration": {
            "BaseUrl": "https://www.liujian520.asia", //I filled in the host domain name after translating the document here
            "ServiceDiscoveryProvider": {
              "Scheme": "http",
              "Host": "www.liujian520.asia",
              "Port": 8500,
              "Type": "Consul"
            },
            "RateLimitOptions": {
              "DisableRateLimitHeaders": false,
              "QuotaExceededMessage": "请求太多了",
              "HttpStatusCode": 999,
              "ClientIdHeader": "Test"
            }
          }
        }

[raman-m]

Hello! You have the option to disable certificate validation in the route: SSL Errors.
However, I would advise against doing this in a production environment. It might be acceptable for services in China.
Additionally, you could consider downgrading the scheme from https to http as an elegant solution. 😉

[liujian1368928]

thsnks your right , disable certificate validation in the route