Support

Publishing to an RStudio Connect Server with a Self-Signed SSL Certificate

Follow

Overview

When publishing to RStudio Connect with SSL, errors may occur when using self-signed SSL certificates. You may see an error that looks like this in the Deploy pane or log:

Peer certificate cannot be authenticated with known CA certificates

This error message is received when using an untrusted self-signed SSL certificate.  To resolve the error, the certificate must be trusted by the system you're attempting to publish from. 

Adding the self-signed SSL certificate to your publishing host

Linux Instructions (Publishing from RStudio Server Pro)

You must add the certificate from your RStudio Connect server to the existing default Trusted Root Certification Authorities bundle used by the rsconnect package on your RStudio Server. To do this, you'll first need the certificate for your RStudio Connect server in PEM format. You'll then append this to the existing CA certificate bundle for rsconnect on your RStudio Server.

Note that if multiple users wish to publish to RStudio Connect, this must be set for all copies of the rsconnect package that will be used - if users have rsconnect installed in their local package libraries, each user will need to follow these steps for their particular installation of rsconnect.

On Linux, the 'openssl' tool is one way to extract the cert for a particular server.  From within R:

system("echo | openssl s_client -connect yourdomain.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'")

Note:  You will need to change yourdomain.com:443 to your domain and SSL port.

The certificate will have "BEGIN CERTIFICATE" and "END CERTIFICATE" markers. 

To trust the certificate, copy the full certificate, including the BEGIN and END markers, and append it to your ca-bundle for rsconnect on your RStudio Server host.

    • Locate the cacert.pem file in the rsconnect library folder on your RStudio Server host.  For example:

~/R/x86_64-redhat-linux-gnu-library/3.3/rsconnect/cert/cacert.pem

    • Open the cacert.pem file, and append the certificate from the RStudio Connect server to the end of it.

For example, copy the certificate text from the Console into cacert.pem:

CertExample.PNG

Other Operating Systems: 

For Windows and Mac, the process is similar.  Obtain the certificate from your system administrator or browser, and add it into the cacert.pem file stored in the cert folder within the rsconnect library.

The system administrator can obtain the certificate by viewing the certificate specified in the configuration directive "Certificate = ", in the file located at  /etc/rstudio-connect/rstudio-connect.gcfg

 

 

Have more questions? Submit a request

Comments