I'm not able to use my own apt-source via https.
Using web based repo with imported cert and key-file as apt-source.
Client: root and intermediate cert in /usr/local/share/ca-certificates/extra/ has been imported via update-ca-certificates --fresh -v.
I'm able to use curl and wget by pulling some sample files from my apt-source without ssl-probs.
Testing connection via openssl s_client -connect nexus.local.space:8443 also seems to be OK:
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2164 bytes and written 491 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-SHA384
Session-ID: 5FA14C91A8EC0DB36E0E28A09C4D99720E616596797047E604B9E75C96BDDF07
Session-ID-ctx:
Master-Key: 9223EDFA3DB774269D34D0C24389EA7AA264F8D35B1A8FD8AF5DEABA9B17C1ACFCE517D6D34B0EA650F5982386025569
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1604406417
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
---
closed
but apt-get update fails with:
*E: Failed to fetch https://nexus.local.space:8443/repository/apt-proxy-focal/dists/focal/main/binary-amd64/Packages Could not handshake: Error in the certificate. [IP: 130.220.254.9 8443]*
turning any verification off via conf in /etc/apt.conf.d/ or in sources.list doesn't solve the prob.
Any suggestions?
