Thank you for your feedback, actually I am trying to use curl to call the st2api with a post method.
curl -X POST -H 'Accept: */*' -H 'content-type: application/json' -H 'St2-Api-Key: ***' --data-binary '{"action": "faultdesign.ApiAdapter","parameters": {"srNo": "456789","taskName": "201809030000","country": "","operator": "","productFamily": "Huawei Storage","subType": "Huawei Storage","selectedNodes": {"l2Name": "Disk Alarm","l1Name": "ISM/Device Manager Alarm","l3Name": ""},"product": "OceanStorage","productLine": "IT","logfiles": "","createUser": "","reStart": "","summary": ""}}' https://wesre.***.com/api/v1/executions
and I got the error like this:
curl: (60) Peer's Certificate issuer is not recognized.
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
However, when I use browser to open the portal, it works fine and the site displays as safe sites which
means the certificate was trusted by my browser.
My company issued the CA certificate as a pfx file,and I export the key and crt file by the following
commands.
openssl pkcs12 -in ./cert.pfx -out public.crt -clcerts -nokeys
openssl pkcs12 -in ./cert.pfx -out public.key.pem -nodes -nocerts
and I updated the ngnix configuration file under folder of vi /etc/nginx/conf.d/st2.conf like below
server {
listen *:443 ssl;
ssl on;
ssl_certificate /etc/ssl/st2/public.crt;
ssl_certificate_key /etc/ssl/st2/public.key.pem;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;