JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMBcGA1UdIAQQ L2cuc3ltY2QuY29tMBIGA1UdEwEB/wQIMAYBAf8CAQAwNQYDVR0fBC4wLDAqoCig VR0PAQH/BAQDAgEGMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDov QwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wDgYD H8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rEĪhqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZĮASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXCĭTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7 VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv YWwgQ0EwHhcNMTMwNDA1MTUxNTU2WhcNMTYxMjMxMjM1OTU5WjBJMQswCQYDVQQGĮwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVyīmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBĪJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i MIID8DCCAtigAwIBAgIDAjqDMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT I:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA +qtqiCJyDKhEV6f1j+Awg/Fr+tVCZLjHcSmGq元DNcHbCUalXrq4EwVK3Pg8lghUĭm3e0J3EcjgMacIg+RP+2pOM5GvIwQ6BrKbmcnTjqsjcG1tQEV0ZSb6hx2bGYhc2ġ s:/C=US/O=Google Inc/CN=Google Internet Authority G2 YcvJH+mpv/EIDw1shU5UK3FpvnSHEH2jrs2psnC4BYSovT3pH2nxTCpiLiya1UNn VhDnxneaHL21zwUCuZvNVyYL9VCSYGWV1iNe6PtYYtbWt7of6bEiwZsSuPWaRuRp IwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMCEGA1UdIAQaMBgwDAYKKwYBBAHWĮQIFATAIBgZngQwBAgIwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDov元BraS5nb29nīGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAK1BpCyAbID8gpwWIīQReJv81H/qvYvaaOFa7PLnqHhaAZmzjV1tkCsVB60IgsBDoNuPdtJ5klpxV+njs MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9vY3NwMB0GĪ1UdDgQWBBStL+4j1/n+vGwj3sL861LWCYDUGTAMBgNVHRMBAf8EAjAAMB8GA1Ud XDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3J0 KwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYBBQUHAQEE H4A0MKvYR6uZZEEr39E+4R6IY9HSv1ZDq8csspyWjXpaIxd6ZD6+lGwvgyszQtNaĠaEP9+tNhF7jPRD5TedfvyOz81dUCvE0O2E+nfripG2gNBm4r5N6XWUH/lvoopaRĠ0eE2fKpk/fvZgZXAgMBAAGjggFLMIIBRzAdBgNVHSUEFjAUBggrBgEFBQcDAQYI tzsQkW0IqWAIFLFBbHWMvgDmvMwacps34B80U+p5Iq2xx2xHegl0RMb4HfSEpW/ Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxYx0XĪuhoQ4cobo6J3UMUNCbzKmJ/XSzDB5RLtjvbvtDfCMHm8hO91vvlcKRRrwqdYpiwĢzUcPDyjwOrZZsJlQglQw/rRpbfQQ6aKsKQWiT3sAIz5joXXi/622YhhGAAdyGGy TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UEAwwOd3d3 WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN MIIEgDCCA2igAwIBAgIIdnEF+1C/AZowDQYJKoZIhvcNAQELBQAwSTELMAkGA1UEīhMCVVM圎zARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRlĬm5ldCBBdXRob3JpdHkgRzIwHhcNMTYwNjA4MTIzNzI5WhcNMTYwODMxMTIzMDAw Here's the certificate I get from my own testing: bash$ openssl s_client -showcerts -connect CONNECTED(00000003)ĭepth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authorityĭepth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CAĭepth=1 C = US, O = Google Inc, CN = Google Internet Authority G2ĭepth=0 C = US, ST = California, L = Mountain View, O = Google Inc, CN = verify return:1Ġ s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=i:/C=US/O=Google Inc/CN=Google Internet Authority G2 Most likely, you have some kind of security device on the network that is inspecting the traffic, and to do so, decrypting and encrypting with it's own certificate. This worked fine for me, though to be safe, make sure your "ca-certificates" package is up to date. I would really appreciate any insight into this, in particular any debugging steps I can take to understand the problem better. But I must be confused: why should the certificates on the server itself have anything to do with what's happening inside of the docker container? Since this same process works on other servers, it seems like the problem could only be some certificate problem on that server itself. The certificate's owner does not match hostname '' connected.ĮRROR: The certificate of '' is not trusted.ĮRROR: The certificate of '' hasn't got a known issuer. Here's the setup for the docker container: docker run -rm -ti debian:jessie bash The same wget works fine on the server machine itself (outside docker) and it works inside that same docker container on different servers. When I run wget inside of a docker container on one specific server it cannot verify certificates. I'm running into a strange problem with certificates that I can't figure out how to debug.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |