Skip to content

fix(dgw): self-signed TLS certificate generation of the Docker image build #1650

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
CBenoit merged 2 commits into from
Jan 6, 2026
Merged

fix(dgw): self-signed TLS certificate generation of the Docker image build #1650

CBenoit merged 2 commits into from
Jan 6, 2026

Conversation

Copy link
Contributor

Copilot AI commented Jan 6, 2026
edited
Loading

Self-signed TLS certificate generation in the Docker entrypoint fails because OpenSSL receives undefined variables for output paths.

Root cause:
Lines 190-191 define $TlsPrivateKeyFile and $TlsCertificateFile, but lines 195-196 reference undefined $PrivateKeyFile and $CertificateFile (missing Tls prefix).

Changes:

  • Corrected variable references in OpenSSL arguments to match declared variable names
# Before
"-keyout", $PrivateKeyFile,      # undefined
"-out", $CertificateFile,        # undefined

# After  
"-keyout", $TlsPrivateKeyFile,   # matches line 191
"-out", $TlsCertificateFile,     # matches line 190

This prevents the error:

Get-Content: Cannot find path '/tmp/gateway-{hostname}.pem' because it does not exist.
Exception: Empty certificate chain!
Original prompt

Bug Description

In package/Linux/entrypoint.ps1, there's a variable name mismatch in the self-signed TLS certificate generation code that causes certificate files to never be created.

Current Behavior

When the script attempts to generate a self-signed certificate, it fails with:

Generating self-signed TLS certificate for '8407599dc491'...
Get-Content: Cannot find path '/tmp/gateway-8407599dc491.pem' because it does not exist.
Get-Content: Cannot find path '/tmp/gateway-8407599dc491.key' because it does not exist.
Exception: Empty certificate chain!

Root Cause

Lines 188-190 use incorrect variable names ($PrivateKeyFile and $CertificateFile) in the OpenSSL arguments, but the actual variables defined on lines 185-186 are $TlsPrivateKeyFile and $TlsCertificateFile.

# Lines 185-186: Variables are defined as
$TlsCertificateFile = "/tmp/gateway-$Hostname.pem"
$TlsPrivateKeyFile = "/tmp/gateway-$Hostname.key"

# Lines 188-190: But OpenSSL uses wrong variable names
$Arguments = @(
    "req", "-x509", "-nodes",
    "-newkey", "rsa:2048",
    "-keyout", $PrivateKeyFile,      # ❌ Wrong - should be $TlsPrivateKeyFile
    "-out", $CertificateFile,        # ❌ Wrong - should be $TlsCertificateFile
    "-subj", "/CN=$Hostname",
    "-days", "1825"
)

Required Fix

Change lines 189-190 in package/Linux/entrypoint.ps1 to use the correct variable names:

"-keyout", $TlsPrivateKeyFile,
"-out", $TlsCertificateFile,

File Location

  • File: package/Linux/entrypoint.ps1
  • Lines: 189-190
  • Commit: 9f0666c

This pull request was created from Copilot chat.

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

@Dahllias
Fix TLS certificate variable name mismatch in entrypoint.ps1
43a336f 
Co-authored-by: Dahllias <96178300+Dahllias@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix variable name mismatch in TLS certificate generation fix(agent): correct variable names in self-signed TLS certificate generation Jan 6, 2026
Copilot AI requested a review from Dahllias January 6, 2026 19:19
@Dahllias Dahllias changed the title fix(agent): correct variable names in self-signed TLS certificate generation fix(docker): correct variable names in self-signed TLS certificate generation Jan 6, 2026
Dahllias
Dahllias approved these changes Jan 6, 2026
View reviewed changes
Copy link
Contributor

@Dahllias Dahllias left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@Dahllias Dahllias requested a review from CBenoit January 6, 2026 19:31
@Dahllias Dahllias marked this pull request as ready for review January 6, 2026 19:31
@CBenoit CBenoit changed the title fix(docker): correct variable names in self-signed TLS certificate generation fix(dgw): correct variable names in self-signed TLS certificate generation of the Docker image Jan 6, 2026
@CBenoit CBenoit enabled auto-merge (squash) January 6, 2026 19:51
CBenoit
CBenoit approved these changes Jan 6, 2026
View reviewed changes
Copy link
Member

@CBenoit CBenoit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@CBenoit CBenoit changed the title fix(dgw): correct variable names in self-signed TLS certificate generation of the Docker image fix(dgw): self-signed TLS certificate generation of the Docker image build Jan 6, 2026
@CBenoit CBenoit disabled auto-merge January 6, 2026 19:53
@CBenoit CBenoit enabled auto-merge (squash) January 6, 2026 19:54
@CBenoit CBenoit merged commit 53b1c18 into master Jan 6, 2026
40 checks passed
@CBenoit CBenoit deleted the copilot/fix-tls-certificate-generation branch January 6, 2026 20:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@CBenoit CBenoit CBenoit approved these changes

+1 more reviewer

@Dahllias Dahllias Dahllias approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@Dahllias Dahllias

Copilot code review Copilot

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@CBenoit @Dahllias