我现在尝试了几个小时将公司签名的根 CA 导入 Docker Image/Container 并且失败了。
我把它们放在那些地方
/usr/local/share/ca-certificates/
/usr/local/ca-certificates/
/usr/share/ca-certificates/
/etc/ssl/certs/
然后运行更新 sudo update-ca-certificates
当我尝试以 root 用户身份卷曲某些东西时,它可以完美运行:
root@container-run-60ec45094cedfd00078551d9:~# curl https://httpbin.org/ip -x companyproxy.de:8080
{
"origin": "xxx.xx.xx.xxx"
}
但是当我以普通用户身份运行时,我收到了 SSL 错误:
ubuntu@container-run-60ec45094cedfd00078551d9:/mnt$ curl https://httpbin.org/ip -x companyproxy.de:8080
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
当我检查 Certs curl 正在使用什么时,我得到以下信息:
root : * CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
ubuntu: * CAfile: /usr/local/anaconda/ssl/cacert.pem
CApath: none
我查看了所有文件夹的权限,每个用户都应该具有读取/执行权限。我什至试过把所有东西都放在 777 上一次。
显然,就像 curl 一样,当我以ubuntu.
知道我可以在哪里为所有用户导入证书吗?