I have a microservice written in KTOR. For local testing, I’m using the ktor-network-tls-certificates-jvm:2.3.10 library to generate a self-signed certificate. If I make HTTPS requests using Insomnia, it works perfectly. However, when hitting it from a local web page, I get the following errors:
But do you trust this certificate on the client side? I never used Insomnia, but if it is a tool for testing, then it is probable the security is disabled by default. Your web application is most probably secure by default, so it won’t accept a self-signed cert until you trust it explicitly or disable the security entirely.
The problem with that theory is that I would expect the error to be on the client side, not the server side. I’m using https from both Insomnia and my web front end, so I think the behaviour should be the same.
Just to make it absolutely clear, the error logs I included above are from my KTOR server, NOT my web application. So requests to my KTOR server from Insomnia will work, but requests to my KTOR server from my web application cause an error in my KTOR server.
No I think I gave up, in the end. I wonder if it’s related to the error I get when hitting my KTOR server at all? When I start my KTOR server and hit it with HTTPS traffic, I get two stack traces related the certificate, but only on the first request, never after that. Also HTTPS traffic works, so I don’t really know what to make of it.