Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error: SSL certificate problem: self signed certificate in certificate chain #11120

Open
ssbarnea opened this issue Oct 12, 2019 · 5 comments
Open

Error: SSL certificate problem: self signed certificate in certificate chain #11120

ssbarnea opened this issue Oct 12, 2019 · 5 comments
Labels
enhancement installer

Comments

@ssbarnea
Copy link

Despite the fact that system is configured to trust the custom CA used by the proxy and that curl works correctly, vagrant fails with Error: SSL certificate problem: self signed certificate in certificate chain

The box 'ubuntu/xenial64' could not be found or
could not be accessed in the remote catalog. If this is a private
box on HashiCorp's Vagrant Cloud, please verify you're logged in via
`vagrant login`. Also, please double-check the name. The expanded
URL and error message are shown below:

URL: ["https://vagrantcloud.com/ubuntu/xenial64"]
Error: SSL certificate problem: self signed certificate in certificate chain

Curl:

curl https://vagrantcloud.com/ubuntu/xenial64
<html><body>You are being <a href="https://vagrantcloud.com/ubuntu/boxes/xenial64">redirected</a>.</body></html>

This is clear vagrant bug, apparently raised on #10363 but closed.
@ssbarnea ssbarnea mentioned this issue Oct 12, 2019
Closed
@ssbarnea
Copy link
Author

ssbarnea commented Oct 12, 2019
edited

I should also mention that setting SSL_CERT_FILE did not work but setting CURL_CA_BUNDLE worked. Thus, it should have worked without setting them as the system is already configured to accept the additional ca. Forcing users to define these vars may create conflicts with other tools that may need these for special use-cases (like connecting to localhost services).

@whut
Copy link

whut commented Jan 27, 2020

In case of Windows platform: Vagrant should use curl from Windows 10 (it is now shipped by default!), which will pick up custom certificates registered in Windows automatically, so no need to set CURL_CA_BUNDLE or edit the embedded\cacert.pem like in this StackOverflow answer

@kvaradhan3
Copy link

vagrant version 2.2.7.

I am seeing this exact same issue, but not on ubuntu as in #10363 or windows as here,
but on a mac.
As with #10363, my company has installed and requires to install their certs.
Also, just as with @ssbarnea I am able ot directly invoke curl and find the boxes, so I am assuming this is something to do with vagrant itself.

@kvaradhan3
Copy link

kvaradhan3 commented Apr 24, 2020
edited

vagrant box add --cacert /etc/ssl/certs/<myCAcert.pem> <box>
did the trick for me.

However, I am not sure how auto-update of the boxes would work.

It would have been better if this were a config in ~/.vagrant.d
that could be used consistently...

@kvaradhan3 kvaradhan3 mentioned this issue Apr 24, 2020
Closed
@shakvaal
Copy link

Vagrant still does not respect the operating system's truststore: neither in Windows 10, nor in Ubuntu 20.04 .
Any plans for fixing the default behaviour? Or at least add a flag of some sorts?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement installer
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@ssbarnea @chrisroberts @whut @shakvaal @kvaradhan3