Thanks Todd for following up. I already had to use the -k option to add my own private docker registry to the sources list. And it says it successfully added it with (insecure) at the end.
But the frustrating thing is any imgadm import command I run against that docker registry still throws up a UNABLE_TO_VERIFY_LEAF_SIGNATURE error (I get this error when trying to add the source without the -k option). Hopefully this is a bug that can be fixed in the next SmartOs release. Thanks, Eugene ________________________________ From: Todd Whiteman <[email protected]> Sent: Saturday, 28 April 2018 9:12 AM To: [email protected] Subject: Re: [smartos-discuss] Update CA Bundle Hey Eugene, Another alternative is to add the imgadm docker source as an insecure source. You can see the imgadm sources using: $ imgadm sources -v You may need to delete the docker source and re-add with the insecure flag: $ imgadm sources -d https://docker.io [https://www.docker.com/sites/default/files/social/docker_facebook_share.png]<https://docker.io/> Docker<https://docker.io/> docker.io Docker $ imgadm sources -a https://docker.io -k $ imgadm import somedocker.com/something Note: If you have other docker sources - try removing those too, just leaving the docker.io source. Cheers, Todd On 2018-04-18 2:52 PM, Eugene Lee wrote: Thanks Todd. I have tried that before but it didnt seem to work for me. I did an export IMGADM_INSECURE=1 Then typed env and verified it was set. Then ran imgadm but i still got the error. Granted I am using the skylime version of smartos which has the fix to allow imgadm to work with docker registry v2. Not sure if normal build of smartos has this fix for v2 docker registry in place or not. Thanks Eugene ________________________________ From: Todd Whiteman <[email protected]><mailto:[email protected]> Sent: Thursday, 19 April 2018 4:26:45 a.m. To: [email protected]<mailto:[email protected]> Subject: Re: [smartos-discuss] Update CA Bundle Hi Eugene, I myself don't know of a way to update the root CA, I think node programs (which is what imgadm uses) include the certs in the binary itself (using static linking). If you are using imgadm you can set the IMGADM_INSECURE environment variable as a workaround: IMGADM_INSECURE=1 imgadm import thedockerimage Cheers, Todd On 2018-04-18 4:01 AM, Eugene Lee wrote: Hi, Is it possible to update the root CA certificate files installed in SmartOS? I am trying to download an image from a private docker registry but the SSL certificate I have installed on the private docker registry is not recognised. It is not a Self Signed certificate, but it is issued by Comodo. The error I get is imgadm import: error: UNABLE_TO_VERIFY_LEAF_SIGNATURE Running a CURL command gives: - SSL certificate problem: unable to get local issuer certificate I know the certificate is fine as I have tested the docker registry URL through a browser and the certificate shows as valid. I have also seen the same CURL error on a different Ubuntu host, but once I updated the ca-certificates.crt file on that host with the certificate bundle I got with the certificate, then CURL works fine as well. But I dont know if this is possible on the SmartOS host given the readonly nature of the system? Thanks, Eugene smartos-discuss | Archives<https://www.listbox.com/member/archive/184463/=now> | Modify<https://www.listbox.com/member/?> Your Subscription [https://www.listbox.com/images/listbox-logo-small.png071777d.png?uri=aHR0cHM6Ly93d3cubGlzdGJveC5jb20vaW1hZ2VzL2xpc3Rib3gtbG9nby1zbWFsbC5wbmc] <http://www.listbox.com> ------------------------------------------- smartos-discuss Archives: https://www.listbox.com/member/archive/184463/=now Modify Your Subscription: https://www.listbox.com/member/?member_id=25769125 Powered by Listbox: http://www.listbox.com
