Possible to ignore self signed requirements on imports

Hi,

We have a host of helper functions for our scripts and wanted to host them on a local server, but we get the self-signed cert error:

Get "https://10.13.236.69:8091/tmp/web-server/functions/perf_k6_date.js": x509: certificate signed by unknown authority

Tried to use the insecureSkipTLSVerify: true option, but it still fails.

Any way around this?

Hi @BobRuub !

tried to use the insecureSkipTLSVerify: true option but it still fails.

It fails because this option only applies to connections created by VU code.

For module downloading, k6 uses the default HTTP client, without the possibility of skipping TLS verification.

So the workaround that is still possible is trusting the server certificate at the OS level. For example, on Linux (Alpine example), you can do something like:

apk update && apk add ca-certificates
cp servercert.crt /usr/local/share/ca-certificates/servercert.crt
update-ca-certificates

Let me know if that helps!
Cheers!
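
Added example (not from the thread and not k6's own code): a Go sketch of why a default HTTP client rejects a server whose certificate no known CA signed, while a client whose root pool contains that certificate accepts it with verification still on. The standard library's httptest server stands in for the helper-file server; all function names are hypothetical.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// newHelperServer starts a local HTTPS server whose certificate no system CA
// has signed. It stands in for the internal file server (constructed sample).
func newHelperServer() *httptest.Server {
	return httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "export function today() { return new Date(); }\n")
	}))
}

// fetch downloads url with the given client and returns the response body.
func fetch(c *http.Client, url string) (string, error) {
	resp, err := c.Get(url)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return string(body), err
}

// trustingClient still verifies chain and host, but against a pool holding
// only cert: the in-process analogue of adding it to the OS trust store.
func trustingClient(cert *x509.Certificate) *http.Client {
	pool := x509.NewCertPool()
	pool.AddCert(cert)
	return &http.Client{Transport: &http.Transport{
		TLSClientConfig: &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12},
	}}
}

func main() {
	srv := newHelperServer()
	defer srv.Close()
	_, err := fetch(&http.Client{}, srv.URL) // system roots only: rejected
	fmt.Println("default client:", err)
	body, err := fetch(trustingClient(srv.Certificate()), srv.URL)
	fmt.Printf("trusting client: %q, err=%v\n", body, err)
}
```

Verification stays enabled in the second client, so the IP address or name in the URL must still appear in the certificate.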

Got it working locally.

You have to create the cert with the IP of the server as the common name, and when I served it locally it seemed to work OK.

However, building on a remote server still fails using the same technique.

At this stage I’m going to park it until I get some more time.

The best way would be to go to the network team and order a proper cert but that comes with bureaucracy overhead :frowning: that I don’t have time or energy for right now.

@BobRuub :frowning:

The best way would be to go to the network team and order a proper cert, but that comes with bureaucracy overhead :frowning: that I don’t have time or energy right now.

Yeah, a proper cert will be the best option.

However, until then, another workaround could be to execute a small script to download the shared libraries with curl (or any other tool) before the k6 run.

Let me know if that helps,
Cheers!

I would also recommend using k6 archive script.js and then running the produced archive with k6 run archive.tar.

The archive will have all the files it needs and won’t need to call the server to get them.

This can both:

  1. remove the need for the server, if that was your problem (moving multiple files)
  2. make it possible to have the files or the server accessible only from one place (or at least fewer places)

Hope this helps

Thanks all for your ideas.

I did get a cert, but the server lives in AWS, so I’d need to get yet another team involved to set it up correctly, as when it comes to cloud servers I’m an awesome performance tester.

In the end we used a git repo as the import source and it works a treat.
