Corporate SSL issue


#1

Hi Guys,

Have any one of you dealt with certificate issues where searching or installation of snaps are unavailable because of corporate certs. I have already installed our company cert in location /usr/local/share/ca-certificates and ran update-ca-certificates command after adding the cert file.
Commands such as curl are working but snap command for searching and installing snaps fail with x509: incorrect certificate error.

Any help and guidance is appreciated.

Thank you.


#2

Can anyone please assist with the SSL issue described above?


#3

any reason you’ve got ca-certificates in usr/local instead of the usual /etc?


#4

I followed this link on ubuntu manpages to add our company SSL cert to my workstation. It works with curl and many other built-in utilities but not with snap.


#5

Extending system certificates is similar


#6

I don’t think Golang ever looks into /usr/local/share/ca-certificates. IIRC it either uses a bundle file, which I doubt update-ca-certificates updates, and looks into specific directories for any extra certificates.

Can you put your certificate in one of the following locations, provided it exists in your system:

// Possible directories with certificate files; stop after successfully
// reading at least one file from a directory.
var certDirectories = []string{
        "/etc/ssl/certs",               // SLES10/SLES11, https://golang.org/issue/12139
        "/system/etc/security/cacerts", // Android
        "/usr/local/share/certs",       // FreeBSD
        "/etc/pki/tls/certs",           // Fedora/RHEL
        "/etc/openssl/certs",           // NetBSD
        "/var/ssl/certs",               // AIX
}

#7

I haven’t tried this on my ubuntu 19.04 install yet, but on Pop-OS, I was able to get it working with just adding the cert to /usr/local/share/ca-certificates. I will try your solution later this week.