Hey flyte team im trying to use flyteremote and am running into a SSL error. Peer name is not in peer certification. The documentation doesnt make it exactly clear how to pass in the cert unless I missed something. Is it as simple as passing in the path to the “certificate_chain” option?

yes, these are grpc options, let me share

we have our cert, is it possible to show example snippet of how you would pass it? Documentation was a bit thin in this regard.

Yes, we will do

Is it this? It seems like we are supposed to read in the cert bytes then pass it as an arg to FlyteRemote's `grpc_credentials`: nvm Chirag tried this and it didn't work https://flyte-org.slack.com/archives/CP2HDHKE1/p1675532821853759?thread_ts=1675162165.893489&cid=CP2HDHKE1

remote_client._client = remote_client.client.with_root_certificate(remote_client.config.platform, "/path/to/cert.cer")
remote_client._client_initialized = True

this will fix that first issue. flytekit doesn’t apply the cert to both place - only when trying to create the channel for auth, not when generally just making calls, which is why it was failing. we should update that but this is the workaround for now. the root cause is that the user is trying to access flyte from a domain different than the one that the cert was generated for, which is why it needs to be passed in. running now into a second issue but suspect it’s unrelated. will report back if not.

Tried the above and got error

_InactiveRpcError: <_InactiveRpcError of RPC that terminated with:
        status = StatusCode.INTERNAL
        details = "Exception serializing request!"
        debug_error_string = "None"

that’s the second issue

let me verify now

can we first verify with

flytectl --admin.caCertFilePath /path/to/cert get projects

it works, it also works without the cert