1

我有兴趣在公司 Zscaler 防火墙后面运行这样一个简单的图像:

FROM rocker/r-base
RUN apt-get update && apt-get install libssl-dev
CMD Rscript -e "install.packages('beepr')"

构建图像docker build -t test .失败并出现如下错误:

Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: ]

我已经尝试了这里的一些解决方案,但它们不起作用。例如:

FROM rocker/r-base

# Add local certificate to Docker
ADD ./zscaler.cer /usr/local/share/ca-certificates/zscaler.crt

# Move the certificate to the cert dir of openssl and update certificates
RUN CERT_DIR=$(openssl version -d | cut -f2 -d \")/certs ; cp /usr/local/share/ca-certificates/zscaler.crt $CERT_DIR ; update-ca-certificates

# Try making https requests
RUN apt-get update && apt-get install libssl-dev
CMD Rscript -e "install.packages('beepr')"

同样的错误仍然存​​在docker build -t test .。我已经在线阅读了一些可能的解决方案,但所有这些解决方案都不断失败,无论是apt-get使用R. 有没有人经历过这个并找到了解决办法?

4

1 回答 1

0

显然,目前的建议有点错误。证书不应进入/etc/ssl/certs/(这是 的结果CERT_DIR=$(openssl version -d | cut -f2 -d \")/certs),而应进入CERT_DIR=/usr/local/share/ca-certificates/(至少在此 Ubuntu 映像上)。更改后,update-ca-certificates正确更新证书,所有 HTTPS 请求都成功。

现在应该可以了:

FROM rocker/r-base

# Add local certificate to Docker
ADD ./zscaler.pem /usr/local/share/ca-certificates/ZscalerRootCertificate-2048-SHA256.crt

# update certificates
RUN update-ca-certificates

# Try making https requests
RUN apt-get update && apt-get install libssl-dev
CMD Rscript -e "install.packages('beepr')"
于 2021-04-27T10:20:21.923 回答