Hey Eugene,

Another alternative is to add the imgadm docker source as an insecure source.

You can see the imgadm sources using:

$ imgadm sources -v

You may need to delete the docker source and re-add with the insecure flag:

$ imgadm sources -d https://docker.io
$ imgadm sources -a https://docker.io -k
$ imgadm import somedocker.com/something

Note: If you have other docker sources - try removing those too, just leaving the docker.io source.

Cheers,
Todd

On 2018-04-18 2:52 PM, Eugene Lee wrote:
Thanks Todd. I have tried that before but it didn't seem to work for me.
I did an export IMGADM_INSECURE=1
Then typed env and verified it was set. Then ran imgadm but I still got the error. Granted I am using the skylime version of SmartOS which has the fix to allow imgadm to work with docker registry v2. Not sure if normal build of SmartOS has this fix for v2 docker registry in place or not.

Thanks
Eugene
------------------------------------------------------------------------
*From:* Todd Whiteman <[email protected]>
*Sent:* Thursday, 19 April 2018 4:26:45 a.m.
*To:* [email protected]
*Subject:* Re: [smartos-discuss] Update CA Bundle
Hi Eugene,

I myself don't know of a way to update the root CA, I think node programs (which is what imgadm uses) include the certs in the binary itself (using static linking).

If you are using imgadm you can set the IMGADM_INSECURE environment variable as a workaround:

    IMGADM_INSECURE=1 imgadm import thedockerimage

Cheers,
Todd

On 2018-04-18 4:01 AM, Eugene Lee wrote:

Hi,


Is it possible to update the root CA certificate files installed in SmartOS?  I am trying to download an image from a private docker registry but the SSL certificate I have installed on the private docker registry is not recognised.  It is not a Self Signed certificate, but it is issued by Comodo.  The error I get is imgadm import: error: UNABLE_TO_VERIFY_LEAF_SIGNATURE


Running a CURL command gives: - SSL certificate problem: unable to get local issuer certificate


I know the certificate is fine as I have tested the docker registry URL through a browser and the certificate shows as valid. I have also seen the same CURL error on a different Ubuntu host, but once I updated the ca-certificates.crt file on that host with the certificate bundle I got with the certificate, then CURL works fine as well. But I don't know if this is possible on the SmartOS host given the read-only nature of the system?


Thanks,

Eugene
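
Added example, not part of the original thread: the "unable to get local issuer certificate" failure quoted above, and its disappearance once the CA bundle is in the trust file, reproduced offline with the openssl command-line tool. The three-tier chain, the host name and all file names are constructed for this example, and it does not involve imgadm or SmartOS.

```shell
#!/bin/sh
# Constructed chain (root CA -> intermediate CA -> server leaf); every name and
# file here is made up for the example. Requires the openssl command-line tool.
set -eu

new_csr() {  # $1 = file basename, $2 = common name
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

make_chain() {  # $1 = empty working directory
  ( cd "$1"
    printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
    new_csr root 'Example Root CA'
    new_csr int  'Example Intermediate CA'
    new_csr leaf 'registry.example.test'
    # Self-signed root, intermediate signed by root, leaf signed by intermediate.
    openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext \
      -days 2 -out root.pem 2>/dev/null
    openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
      -extfile ca.ext -days 2 -out int.pem 2>/dev/null
    openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -CAcreateserial \
      -days 2 -out leaf.pem 2>/dev/null
    # The "bundle" a CA hands out with a certificate: intermediate plus root.
    cat int.pem root.pem > bundle.pem )
}

# Print openssl's verdict for leaf $2 checked against trust file $1.
# A failed verification is an expected outcome here, so it must not abort.
verdict() {
  openssl verify -CAfile "$1" "$2" 2>&1 || true
}

work=$(mktemp -d)
make_chain "$work"
# Trust file holds only the root: the leaf's issuer cannot be found.
echo "root only  : $(verdict "$work/root.pem"   "$work/leaf.pem" | tr '\n' ' ')"
# Trust file holds the bundle: the chain builds and verification stays enabled.
echo "with bundle: $(verdict "$work/bundle.pem" "$work/leaf.pem" | tr '\n' ' ')"
```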


*smartos-discuss* | Archives <https://www.listbox.com/member/archive/184463/=now> | Modify <https://www.listbox.com/member/?&;> Your Subscription [Powered by Listbox] <http://www.listbox.com>




