Hi Guys,
Have any one of you dealt with certificate issues where searching or installation of snaps are unavailable because of corporate certs. I have already installed our company cert in location /usr/local/share/ca-certificates and ran update-ca-certificates command after adding the cert file.
Commands such as curl are working but snap command for searching and installing snaps fail with x509: incorrect certificate error.
Any help and guidance is appreciated.
Thank you.
Can anyone please assist with the SSL issue described above?
any reason you’ve got ca-certificates in usr/local instead of the usual /etc?
I followed this link on ubuntu manpages to add our company SSL cert to my workstation. It works with curl and many other built-in utilities but not with snap.
Extending system certificates is similar
I don’t think Golang ever looks into /usr/local/share/ca-certificates. IIRC it either uses a bundle file, which I doubt update-ca-certificates updates, and looks into specific directories for any extra certificates.
Can you put your certificate in one of the following locations, provided it exists in your system:
// Possible directories with certificate files; stop after successfully
// reading at least one file from a directory.
var certDirectories = []string{
"/etc/ssl/certs", // SLES10/SLES11, https://golang.org/issue/12139
"/system/etc/security/cacerts", // Android
"/usr/local/share/certs", // FreeBSD
"/etc/pki/tls/certs", // Fedora/RHEL
"/etc/openssl/certs", // NetBSD
"/var/ssl/certs", // AIX
}
I haven’t tried this on my ubuntu 19.04 install yet, but on Pop-OS, I was able to get it working with just adding the cert to /usr/local/share/ca-certificates. I will try your solution later this week.