未加载SSL证书和容器启动
[英]SSL certificates not loaded and container startup
问题描述
I have a container from where I am trying to reach an HTTPS URL using: 
我有一个使用以下方法尝试从其访问HTTPS URL的容器:
curl -v https//myserver:7050
The SSL issuer certificate of the server is placed on the VM where I run the container in /etc/ssl/certs. 服务器的SSL颁发者证书位于我在/ etc / ssl / certs中运行容器的VM上。 This VM location is volume mapped to /etc/ssl/certs of the container. 该VM位置被卷映射到容器的/ etc / ssl / certs。 This means the cert should be available to the container. 这意味着证书应该对容器可用。 However, when I issue the curl command, I get a message saying "unable to get issuer certificate". 但是,当我发出curl命令时,会收到一条消息,提示“无法获得颁发者证书”。
Then I need to run 那我要跑
update-ca-certificates --refresh
After this the curl command succeeds. 此后,curl命令成功。
If I am starting the container with a volume map, why am I required to run the update-ca-certificates command? 如果要使用卷映射启动容器,为什么需要运行update-ca-certificates命令? Shouldn't the container already have all the certs in its cache when it starts up? 容器启动时是否不应该在其缓存中包含所有证书?
Regards 问候
Yash 亚什
1 个解决方案
解决方案1
0 2018-01-11 19:02:42
Files on /etc/ssl/certs are symlinks to other files, if you mount a folder with symlinks, it will try to load the files they are linked, which probally doesnt exists inside your container. /etc/ssl/certs上的文件是指向其他文件的符号链接,如果您使用符号链接装载文件夹,它将尝试加载它们链接的文件,而该文件可能在您的容器中不存在。
U will need to mount the original file locations too. 您也需要挂载原始文件位置。
lrwxrwxrwx. 1 root root 49 Jul 19 06:51 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx. 1 root root 55 Jul 19 06:51 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
Or you can mount the original single files to your container /etc/ssl/certs 或者,您可以将原始单个文件挂载到容器/ etc / ssl / certs中
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.