
I have a problem with downloading Docker on an Ubuntu server.

If I put:

```
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
```

I get:

```
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
```

I googled it and tried several things like:

```
sudo apt install apt-transport-https ca-certificates curl software-properties-common

sudo apt-get install ca-certificates
```

but nothing helps...

If I do:

```
cd /etc/ssl/certs/; wget https://curl.haxx.se/ca/cacert.pem.sha256; shasum -c cacert.pem.sha256; rm -f cacert.pem.sha256
```

I get:

```
--2019-06-03 12:19:31--  https://curl.haxx.se/ca/cacert.pem.sha256
Resolving curl.haxx.se (curl.haxx.se)... 151.101.194.49, 151.101.130.49, 151.101.66.49, ...
Connecting to curl.haxx.se (curl.haxx.se)|151.101.194.49|:443... connected.
ERROR: cannot verify curl.haxx.se's certificate, issued by ‘emailAddress=our.email,...OU=..,L=..ST=,..NC=..,O=..C=..’:
  Unable to locally verify the issuer's authority.
To connect to curl.haxx.se insecurely, use `--no-check-certificate'.
```

How do I solve this, and how do I find the certificate that was signed by our email,...

Marko Zadravec
  • Are you behind a corporate proxy serving its own SSL certificates? If yes, did you add your organization CA as a trusted root certificate? What makes me think you're in this case is the `certificate, issued by ‘emailAddress=our.email` in your latest wget error. – Zeitounator Jun 03 '19 at 11:28
  • Actually, this is our client server, but yes, it is behind corporate proxy,... Is this a problem for downloading the docker? How do I add organization CA as a trusted root certificate? – Marko Zadravec Jun 03 '19 at 11:51
  • You're using apt so I guess you are under either Ubuntu or Debian. [This answer on askubuntu](https://askubuntu.com/questions/73287/how-do-i-install-a-root-certificate) should get you going. – Zeitounator Jun 03 '19 at 11:56
  • And to answer your question, your current proxy seems to be decrypting SSL (for inspection reasons probably) before re-encrypting with its own internal certificate (just a guess from some of your above lines). This will be a problem for downloading anything if you didn't trust the internal CA in the first place. – Zeitounator Jun 03 '19 at 11:59
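
The diagnosis in the comments above (a TLS-inspecting proxy re-signing traffic with an internal CA) can be confirmed, and the CA trusted, with the shell functions below. This is an added example, not part of the original thread; the function names, the `corp-proxy-ca` file name and the `corp-ca.pem` file with its fingerprint (both obtained from your IT team) are assumptions. It targets the Debian/Ubuntu `update-ca-certificates` mechanism.

```bash
#!/usr/bin/env bash
# Added example: confirm a TLS-inspecting proxy and trust its CA on Ubuntu/Debian.
# Function names and the "corp-proxy-ca" file name are illustrative assumptions.

# Save the certificate chain the network actually presents for host $1 into file $2.
# Behind an inspecting proxy the issuer is the organization's CA, not a public one.
# Use this file for inspection only; do not install a CA pulled off the wire.
fetch_presented_chain() {
    openssl s_client -connect "$1:443" -servername "$1" -showcerts </dev/null 2>/dev/null |
        sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' > "$2"
}

# Print subject, issuer and SHA-256 fingerprint of the first certificate in PEM file $1.
cert_summary() {
    openssl x509 -in "$1" -noout -subject -issuer -fingerprint -sha256
}

# Succeed only if certificate $1 chains to the CA certificate in $2.
chains_to() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Succeed only if the SHA-256 fingerprint of $1 equals $2
# (upper-case, colon-separated hex, as printed by cert_summary).
fingerprint_matches() {
    actual=$(openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2)
    [ "$actual" = "$2" ]
}

# Install CA file $1 system-wide, but only if it matches fingerprint $2, which
# must come from your IT/security team over a separate channel.
install_corp_ca() {
    fingerprint_matches "$1" "$2" || { echo "fingerprint mismatch, not installing" >&2; return 1; }
    sudo install -m 0644 "$1" /usr/local/share/ca-certificates/corp-proxy-ca.crt
    sudo update-ca-certificates
}

# Typical session (needs network and sudo, so it is left commented out):
#   fetch_presented_chain download.docker.com /tmp/chain.pem
#   cert_summary /tmp/chain.pem          # issuer shows the internal CA
#   chains_to /tmp/chain.pem corp-ca.pem # corp-ca.pem obtained from IT
#   install_corp_ca corp-ca.pem "<fingerprint from IT>"
#   curl -fsSL https://download.docker.com/linux/ubuntu/gpg >/dev/null && echo trusted
```

Once the CA is in the system store, `curl`, `wget` and `apt` verify the proxy's re-signed certificates normally, so `--no-check-certificate` or `curl -k` is not needed.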

0 Answers