Join Log in
Score:0
Green绿色 avatar Server

Setup proxy with local CA certificate on Ubuntu 20.04

in flag
Green绿色

In our company, we have a proxy server with a self-signed CA certificate implementing MITM inspection. No internet connection is possible without this proxy server. My certificate installation process on a fresh install of Ubuntu server 20.04 (omitting sudo):

apt install ca-certificates
openssl x509 -inform der -in CompanyCA.cer -out CompanyCA.crt
openssl x509 -inform der -in CompanyRootCA.cer -out CompanyRootCA.crt
cp CompanyCA.crt CompanyRootCA.crt /usr/local/share/ca-certificates/
update-ca-certificates

This seems to have no effect. curl and wget still require the -k and --no-certificate-check options and apt's certificate verification fails. Timezone, date and time are set correctly.

Is there something else I could try (except ignoring it)?

210
0 + 6
apt
ws flag
symcbean
Check if the certificate has been added to /etc/ssl/certs/ca-certificates.crt, if not run update-ca-certificates with `-v`
0
Reply
captainmish avatar
cn flag
captainmish
also check that the cert and chain is the one you expect with `openssl s_client -connect -showcerts`, or with `curl --cacert`
0
Reply
Alexander Pavluchenko avatar
pl flag
Alexander Pavluchenko
I suggest you also check the system logs for any error messages related to the certificate validation process. It's possible that there's another issue causing these errors.
0
Reply
Green绿色 avatar
in flag
Green绿色
@AlexanderPavluchenko Check the system logs with `dmesg`? I already checked `dmesg`, but didn't spot any errors relating to `apt`.
0
Reply
Green绿色 avatar
in flag
Green绿色
@symcbean I verified both certificates are in `/etc/ssl/certs/ca-certificates.crt`. But `curl` and `apt` still are complaining.
0
Reply
Green绿色 avatar
in flag
Green绿色
I solved this by copying over the certificates from another machine. Our company-internal docs are apparently outdated and are recommending old certificates.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.