Corporate SSL Issue

asked 2017-07-21 09:28:00 -0600

sdeshpande

All,

Our company enforces a corporate self-signed SSL certificate at the firewall so that all transmissions are intercepted by the firewall. If the SSL cert is not added to the CA on the client system, all HTTPS connections are terminated with an error thrown at the client.

Example: curl: (60) Peer's certificate issuer has been marked as not trusted by the user.

I tried adding our company cert to the following directory:
/etc/pki/ca-trust/source/
and then ran the command:
update-ca-trust extract

This did not work, so I tried the following. I copied the certificate to the following directory:
/etc/pki/ca-trust/source/anchors/
and then ran the command:
update-ca-trust extract

Can you please tell me if there is anything I can do to fix this?

Regards, Saurabh


3 Answers

answered 2017-07-21 14:23:32 -0600

ssieb

Try the instructions at https://www.happyassassin.net/2015/01... . It sounds like you are, so check that the certificate is in the right format. If you're using Firefox, you could also add it directly in there in the certificates settings.


Comments

I tried that link but it didn't work for me. I can't even run dnf update or yum update. Can someone please help?

sdeshpande ( 2017-07-25 12:52:47 -0600 )

Can you open https sites in Firefox? If not, then try adding the certificate in there and see if it works.

ssieb ( 2017-07-25 18:36:01 -0600 )

Firefox has its own certificate store, so I can add the cert to it and it works. I am stuck with command line tasks such as dnf update.

sdeshpande ( 2017-07-26 10:48:54 -0600 )

That's good, so you know that you have the right certificate. What is the output of ls -l /etc/pki/tls/cert.pem /etc/pki/tls/certs/ca-bundle.crt? What happens if you add the certificate to the end of /etc/pki/tls/cert.pem? Is it already there?

ssieb ( 2017-07-26 12:47:30 -0600 )

answered 2017-08-24 08:18:38 -0600

sdeshpande

Please note that adding a corporate SSL cert to the Fedora certs can be achieved by following the steps in https://www.happyassassin.net/2015/01...

Also, the dnf update failure was due to our firewall blocking the dnf and yum applications.

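Two checks raised in the thread (whether the certificate file is in a usable format, and whether it is already in the bundle) can be done with plain text tools. The script below is an added example, not part of the original posts; the function names and the sample data in demo are constructed for illustration.

```sh
# Added example, not from the thread. Text-only checks: no root, no openssl.

# pem_bodies FILE: one line per certificate, base64 body with whitespace removed.
pem_bodies() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { inside = 1; body = ""; next }
        /-----END CERTIFICATE-----/   { if (inside) print body; inside = 0; next }
        inside { gsub(/[ \t\r]/, ""); body = body $0 }
    ' "$1"
}

# cert_format FILE: prints pem, pem-crlf (Windows line endings) or not-pem.
cert_format() {
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then
        echo not-pem   # e.g. DER: cannot be appended to a PEM bundle as is
    elif ! tr -d '\r' < "$1" | cmp -s - "$1"; then
        echo pem-crlf
    else
        echo pem
    fi
}

# cert_in_bundle CERT BUNDLE: true if the first certificate in CERT is in BUNDLE,
# however either file wraps its base64 lines.
cert_in_bundle() {
    want=$(pem_bodies "$1" | head -n 1)
    [ -n "$want" ] && pem_bodies "$2" | grep -qxF -e "$want"
}

# report CERT [BUNDLE]: BUNDLE defaults to the bundle path named in the thread.
report() {
    bundle=${2:-/etc/pki/tls/certs/ca-bundle.crt}
    echo "format: $(cert_format "$1")"
    if cert_in_bundle "$1" "$bundle"; then echo "present in $bundle"
    else echo "missing from $bundle"; fi
}

# demo: constructed sample files (placeholder base64, not real certificates).
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQt' 'U0FNUExFLUNB' \
        '-----END CERTIFICATE-----' > "$d/corp.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'T1RIRVItQ0E=' '-----END CERTIFICATE-----' \
        '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQtU0FNUExFLUNB' \
        '-----END CERTIFICATE-----' > "$d/bundle.pem"
    report "$d/corp.pem" "$d/bundle.pem"
    rm -rf "$d"
}
```

Running `report` with the path of the corporate certificate file as its only argument compares it against /etc/pki/tls/certs/ca-bundle.crt; a "missing" result after update-ca-trust extract means the anchor was not picked up.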


Last updated: Jul 21 '17