SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain) (https://gems.hashicorp.com/specs.4.8.gz)

[MichalKalita2]

HashiCorp Discuss: https://discuss.hashicorp.com/c/vagrant/24 Thank you!

Vagrant version

Vagrant 2.2.19

Host operating system

Microsoft Windows [Version 10.0.19042.1645]

Guest operating system

NA

Vagrantfile

# Copy-paste your Vagrantfile here (but don't include sensitive information such as passwords, authentication tokens, or email addresses)

Note: Included whole vagrantfile because I don't know what is relevant to the issue.

-- mode: ruby --

vi: set ft=ruby :

Vagrantfile API/syntax version. Don't touch unless you know what you're doing!

VAGRANTFILE_API_VERSION = "2"

Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
os = "generic/ubuntu2004"
net_ip = "192.168.50"

config.vm.define :master, primary: true do |master_config|
master_config.vm.provider "virtualbox" do |vb|
vb.memory = "2048"
vb.cpus = 1
vb.name = "master"
end

master_config.vm.box = "#{os}"
master_config.vm.host_name = 'saltmaster.local'
master_config.vm.network "private_network", ip: "#{net_ip}.10"
master_config.vm.synced_folder "saltstack/salt/", "/srv/salt"
master_config.vm.synced_folder "saltstack/pillar/", "/srv/pillar"
master_config.vm.box_download_insecure = true

master_config.vm.provision :salt do |salt|
  salt.master_config = "saltstack/etc/master"
  salt.master_key = "saltstack/keys/master_minion.pem"
  salt.master_pub = "saltstack/keys/master_minion.pub"
  salt.minion_key = "saltstack/keys/master_minion.pem"
  salt.minion_pub = "saltstack/keys/master_minion.pub"
  salt.seed_master = {
                      "minion1" => "saltstack/keys/minion1.pub",
                      "minion2" => "saltstack/keys/minion2.pub"
                     }

  salt.install_type = "stable"
  salt.install_master = true
  salt.no_minion = true
  salt.verbose = true
  salt.colorize = true
  salt.bootstrap_options = "-P -c /tmp -x python3"
end

end

[
["minion1", "#{net_ip}.11", "1024", os ],
["minion2", "#{net_ip}.12", "1024", os ],
].each do |vmname,ip,mem,os|
config.vm.define "#{vmname}" do |minion_config|
minion_config.vm.provider "virtualbox" do |vb|
vb.memory = "#{mem}"
vb.cpus = 1
vb.name = "#{vmname}"
end

  minion_config.vm.box = "#{os}"
  minion_config.vm.hostname = "#{vmname}"
  minion_config.vm.network "private_network", ip: "#{ip}"

  minion_config.vm.provision :salt do |salt|
    salt.minion_config = "saltstack/etc/#{vmname}"
    salt.minion_key = "saltstack/keys/#{vmname}.pem"
    salt.minion_pub = "saltstack/keys/#{vmname}.pub"
    salt.install_type = "stable"
    salt.verbose = true
    salt.colorize = true
    salt.bootstrap_options = "-P -c /tmp -x python3"
  end
end

end
end

Debug output

https://gist.github.com/MichalKalita2/d89a9a18394f5f69e340c9dceb98ad04

Expected behavior

Here is a link to show what should have happened, https://github.com/UtahDave/salt-vagrant-demo.

Actual behavior

What actually happened? When I ran vagrant plugin install vagrant-vbguest, it gave me this
Installing the 'vagrant-vbguest' plugin. This can take a few minutes...
ERROR: SSL verification error at depth 1: self signed certificate in certificate chain (19)
ERROR: Root certificate is not trusted (/CN=WWD SSL CA/O=WWD/OU=ITSEC/L=Chicago/ST=IL/C=US)
Vagrant failed to load a configured plugin source. This can be caused
by a variety of issues including: transient connectivity issues, proxy
filtering rejecting access to a configured plugin source, or a configured
plugin source not responding correctly. Please review the error message
below to help resolve the issue:

SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain) (https://gems.hashicorp.com/specs.4.8.gz)

Source: https://gems.hashicorp.com/

Steps to reproduce

1.Install Vagrant on Company Laptop
2. run vagrant plugin install vagrant-vbguest
3. receive error

References

Are there any other GitHub issues (open or closed) that should be linked here?
For example:

• NAT DNS Proxy Option? #1234
• vagrant plugin install SSL_connect returned=1 errno=0 state=error: certificate verify failed (https://gems.hashicorp.com/specs.4.8.gz) #11548
• SSL Certificate Problem #9309

[MichalKalita2]

I found one way to fix the issue. You need to find your server's certificate code/hash and paste into the cacert.pem file, following the.pem syntax. If one windows, don't use notepad as that can append extra unwanted terminal characters, instead use notepad++ to edit the .pem file. Windows 10 does not have access to vars such as SSL_CERT_FILE or CURL_CA_BUNDLE so don't even bother, these are most likely Linux exclusive things.

[psipika]

There is a way to disable SSL verification by placing :ssl_verify_mode: 0 in ~/.gemrc. @chrisroberts mentioned that the latest (at that time) version should have that functionality working, but that does not appear to be the case. My corp network places an SSL cert on the proxy causing this error. Placing :ssl_verify_mode: 0 in ~/.gemrc does nothing.

As mentioned in the previous comment, appending the corporate certificate contents to Vagrant's cacert.pem file as suggested here worked.

[chrisroberts]

Hi there,

This can be resolved by your company's IT team allowing access to rubygems.org or by disabling ssl verification as mentioned above.

Cheers!