I'm using Ubuntu 22.04 on my company laptop. All is fine when I work from home. However, when I'm in office and working behind a company proxy I start facing SSL issues.
I've been provided with a cert file that I've imported into my Chrome and Firefox browsers. With that my browsers are able to function correctly. However, curl/wget and basically every other tool connecting to HTTPS is running into issues.
Sample wget failure
root@HOST:~# wget -v --no-check-certificate https://ubuntu.com/server/docs/security-trust-store
--2023-04-07 11:57:11-- https://ubuntu.com/server/docs/security-trust-store
Resolving ubuntu.com (ubuntu.com)... 185.125.190.20, 185.125.190.21, 185.125.190.29, ...
Connecting to ubuntu.com (ubuntu.com)|185.125.190.20|:443... connected.
OpenSSL: error:0A000152:SSL routines::unsafe legacy renegotiation disabled
Unable to establish SSL connection.
I've already added the certs from the CLI by running these commands but to no avail.
cp myorg.crt /usr/local/share/ca-certificates
update-ca-certificates
What else am I missing? Appreciate the help.
Some more debugging info
root@HOST:/usr/local/share/ca-certificates# openssl s_client -connect ubuntu.com:443 -CApath /etc/ssl/certs/
CONNECTED(00000003)
80BB91E2547F0000:error:0A000152:SSL routines:final_renegotiate:unsafe legacy renegotiation disabled:../ssl/statem/extensions.c:879:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 85 bytes and written 319 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID: 6BC5F74F9BD4FD98F598BFE7D0DFF4DF8D90CB2057DF2E3D6F3AB3138E5EE9D2
Session-ID-ctx:
Master-Key:
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1681111673
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
---
