0

I am facing an issue that I want to ask here.

I have a container that must reach an URL. But, because of root certificate problem, I cannot reach that URL.

When I am trying to curl from inside of container, I am getting below error.

***curl: (60) SSL certificate problem: certificate has expired

More details here .

curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option.

If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.***

I am trying to add this certificate and update them in Dockerfile with lines below.

ADD your_ca_root.crt /usr/local/share/ca-certificates/foo.crt
RUN chmod 644 /usr/local/share/ca-certificates/foo.crt && update-ca-certificates

but, getting this error.

What I have tried;

  1. tried to delete entire certificates and install new ones.
  2. tried to use "update ca-certificates -f"

But did not work.

So, any suggestions?

Prateek Gupta
  • 2,422
  • 2
  • 16
  • 30
alen.g
  • 1
  • Are you in control of the server you are trying to reach and the certificate used to protect it? – Chase Jun 01 '20 at 23:38
  • No, it is url from customer site. But, I do not think it is about problem from their site because I can reach from machine that installed my containers. – alen.g Jun 02 '20 at 07:25
  • Can you test the URL using https://www.ionos.com/tools/ssl-checker and https://www.sslshopper.com/ssl-checker.html. See if the first link reports the certificate is "install incorrectly". The second link will show information about the certificate and the chain. See if there is an entry for one that has an expiration date in the past (e.g. May 30, 2020). – Chase Jun 02 '20 at 17:57
  • Hello @Chase thanks for advice. I tried it and get below output for both 301 Moved Permanently

    Moved Permanently

    The document has moved here.

     – alen.g Jun 02 '20 at 20:26
  • Err, I'm not sure what you're looking at exactly. If it wasn't clear -- I was suggesting you click both hose links in your web browser and paste the URL you are having problems with in your code into those two page's tools. – Chase Jun 02 '20 at 20:32

0 Answers0