For our Scale Sets, I use the Ubuntu Pro 20.04 image as our base image. On this base image I intend to install all kinds of software deployment tools including docker, terraform, kubernetes, helm, terragrunt, etc.
The installation is done via a shell script in which I first set all local variables, import environment variables, set company proxies and copy our root certificate. The certificate itself is copied and accessible from /usr/local/share/ca-certificates, additionally from /etc/ssl/certs and from /usr/local/share/ca-certificates/. However, when I try to load the certificate into the CA store with sudo update-ca-certificates, the certificates do not get loaded and the following error occurs:
Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done.
The strange thing is that the certificate itself is in all those locations but somehow not recognized by Ubuntu.
This leads to the following output when trying to install terraform and docker:
==> azure-arm: % Total % Received % Xferd Average Speed Time Time Time Current
==> azure-arm: Dload Upload Total Spent Left Speed
==> azure-arm: 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
==> azure-arm: curl: (60) SSL certificate problem: self signed certificate in certificate chain
==> azure-arm: More details here: https://curl.haxx.se/docs/sslcerts.html
How to reproduce:
echo "Install root-certificates"
cat << EOF > root-ca-certificate.pem
-----BEGIN CERTIFICATE-----
....
....
....
-----END CERTIFICATE-----
EOF
sudo cp root-ca-certificate.pem /usr/local/share/ca-certificat/root-ca-certificate.crt
sudo chmod 644 /usr/local/share/ca-certificates/
sudo cp /usr/local/share/ca-certificates/root-ca-certificate.crt /usr/share/ca-certificates/
sudo chmod 644 /usr/share/ca-certificates/root-ca-certificate.crt
sudo update-ca-certificates
What I have tried to resolve the issue:
- I created an independent CA where the certificate itself is loaded to the store and is actually there, but I still receive the same error: I cannot install terraform, for instance, with the same message as mentioned above: (60) SSL certificate problem: self signed certificate in certificate chain
- I tested installing those tools locally from my WSL2 based on Ubuntu 20.04, without success and with the same error, while also keeping the CA certificates in the same places
- I used the --insecure flag for tool installation to skip checking certificates. The installation of the tools works with this approach
- I used dpkg-reconfigure -f noninteractive ca-certificates, again without success, neither to load the certificate into the CA store nor to use it for tool installation
Is this an Ubuntu bug or did I miss anything for the successful use of the CA Certificates?
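
A preflight check for the install step described above, as an added example that is not part of the original post. It assumes the documented behaviour of update-ca-certificates: single-certificate PEM files ending in .crt under /usr/local/share/ca-certificates are trusted implicitly, while files under /usr/share/ca-certificates count only when listed in /etc/ca-certificates.conf. The function name check_ca_file and its optional SHARE_DIR and CONF arguments are hypothetical.

```shell
#!/bin/sh
# Added example: preflight check for a CA file before update-ca-certificates.
# Usage: check_ca_file FILE [SHARE_DIR] [CONF]
# Prints one line per finding; the return status is the number of findings.
check_ca_file() {
    file=$1
    share_dir=${2:-/usr/share/ca-certificates}
    conf=${3:-/etc/ca-certificates.conf}
    problems=0

    if [ ! -f "$file" ]; then
        echo "missing: $file"
        return 1
    fi

    # Only files whose names end in .crt are picked up.
    case $file in
        *.crt) ;;
        *) echo "extension: $file does not end in .crt"
           problems=$((problems + 1)) ;;
    esac

    # Expect PEM with exactly one certificate per file, not a bundle.
    count=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$file" || true)
    if [ "$count" -ne 1 ]; then
        echo "format: $file holds $count PEM certificates, expected 1"
        problems=$((problems + 1))
    fi

    # Without the owner search (x) bit the directory cannot be traversed.
    dir=$(dirname "$file")
    case $(ls -ld "$dir" | cut -c4) in
        x|s) ;;
        *) echo "permissions: $dir lacks the search (x) bit"
           problems=$((problems + 1)) ;;
    esac

    # Files under SHARE_DIR count only when CONF lists them; "!name" is off.
    case $file in
        "$share_dir"/*)
            rel=${file#"$share_dir"/}
            if ! grep -qxF -e "$rel" "$conf" 2>/dev/null; then
                echo "not enabled: $rel is not listed in $conf"
                problems=$((problems + 1))
            fi ;;
    esac
    return "$problems"
}

# Run against the files named on the command line, if any.
for f in "$@"; do check_ca_file "$f" || true; done
```

A clean result only means the file is in a form update-ca-certificates will consider; whether it is the CA that actually signs the proxy's chain still has to be verified separately.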