Skip to content

Instantly share code, notes, and snippets.

@deskoh

deskoh/Self-Signed Cert Fixes.md

Last active June 22, 2022 02:51
Show Gist options
  • Save deskoh/7325e709f75620dee0562b6a2b67b79a to your computer and use it in GitHub Desktop.
Save deskoh/7325e709f75620dee0562b6a2b67b79a to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Self-Signed Cert Fixes.md

Self-Signed cert

Linux

  1. Copy or SFTP certificate to machine
  2. Go to /usr/local/share/ca-certificates/
  3. Create a new folder, i.e. "sudo mkdir my-cert"
  4. Copy the .crt file into the my-cert folder
  5. Make sure the permissions are OK (755 for the folder, 644 for the file)
  6. Run sudo update-ca-certificates

Containers

Centos

  1. Copy file /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem to local folder.
  2. Append PEM to end of file.
  3. Mount using ./cert/tls-ca-bundle.pem:/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

Note: /etc/ssl/certs/ca-bundle.crt is a symlink to /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

Java

  1. Windows-only: JAVA_OPTS=-Djavax.net.ssl.trustStore=C:\\Windows\\win.ini -Djavax.net.ssl.trustStoreType=Windows-ROOT`` (file is ignored when trustStoreTypeisWindows-ROOT`)

  2. Certificate need to be added to Java Keystore

keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -alias my-ca -file /mnt/d/SSL-Trust-2018.crt

# Possible location of cacerts
# /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/cacerts
# /usr/lib/jvm/jre/lib/security/cacerts

Note: If using Docker, copy the cacerts and add to keytool to append the certificate and mount the file using ./cert/cacerts:/usr/lib/jvm/jre/lib/security/cacerts.

PIP

python -m pip install --upgrade pip --cert SSL-Trust-2018.crt

pip --trusted-host pypi.org --trusted-host files.pythonhosted.org install XXX

Legacy host: pypi.python.org

NODE

require('https').globalAgent.options.rejectUnauthorized = false

NODE_TLS_REJECT_UNAUTHORIZED=0

SET NODE_EXTRA_CA_CERTS=/path-to-extra.crt

NPM

npm config set strict-ssl false

This will update the file in $HOME/.npmrc

TBD: npm set ca null

GIT

git -c http.sslVerify=false clone ...

For global disable:

git config --global http.sslVerify false

CURL

Put cert into /etc/ssl/certs/ export SSL_CERT_FILE=/etc/ssl/certs/SSL-Trust-2018.crt

or

Use -k flag.

Meteor

Apply fix for curl.

Append strict-ssl=false to

%LOCALAPPDATA%\.meteor\packages\meteor-tool\1.xxx\mt-os.windows.x86_64\dev_bundle\lib\node_modules\npm\npmrc

~/.meteor/packages/meteor-tool/1.xxx/mt-os.linux.x86_64/dev_bundle/lib/node_modules/npm/npmrc

EXPORT NODE_TLS_REJECT_UNAUTHORIZED=0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment