SSL certificates not loaded and container startup

I have a container from where I am trying to reach an HTTPS URL using:

curl -v https://myserver:7050

The SSL issuer certificate of the server is placed on the VM where I run the container in /etc/ssl/certs. This VM location is volume mapped to /etc/ssl/certs of the container. This means the cert should be available to the container. However, when I issue the curl command, I get a message saying "unable to get issuer certificate".

Then I need to run

update-ca-certificates --refresh

After this the curl command succeeds.

If I am starting the container with a volume map, why am I required to run the update-ca-certificates command? Shouldn't the container already have all the certs in its cache when it starts up?

Regards
Yash

Files in /etc/ssl/certs are symlinks to other files. If you mount a folder with symlinks, it will try to load the files they are linked to, which probably don't exist inside your container.

You will need to mount the original file locations too.

lrwxrwxrwx. 1 root root   49 Jul 19 06:51 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx. 1 root root   55 Jul 19 06:51 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt

Or you can mount the original single files to your container /etc/ssl/certs.
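
Added example, not part of the original answer: a small POSIX shell check that can be run inside the container to list the symlinks in the mounted certificate directory whose targets do not exist there. The function name find_dangling_links is hypothetical.

```sh
#!/bin/sh
# Added example: report symlinks in a certificate directory whose targets
# cannot be resolved in the current filesystem (for instance, a host
# /etc/ssl/certs that was volume-mapped into a container without the
# directories its links point to).

# find_dangling_links DIR   (hypothetical helper name)
# Prints "link -> target" for every symlink directly under DIR that does
# not resolve. Returns 0 if all links resolve, 1 if at least one is
# dangling, 2 if DIR is not a directory.
find_dangling_links() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    found=0
    for entry in "$dir"/*; do
        # -L: the entry itself is a symlink.
        # ! -e: following the link does not reach an existing file.
        if [ -L "$entry" ] && [ ! -e "$entry" ]; then
            printf '%s -> %s\n' "$entry" "$(readlink "$entry")"
            found=1
        fi
    done
    return "$found"
}

# When run as a script with an argument, check that directory, e.g.:
#   sh check-links.sh /etc/ssl/certs
if [ "$#" -gt 0 ]; then
    find_dangling_links "$1"
fi
```

Each line of output names a link target that also has to be mounted into the container, or replaced by mounting the real file at that path.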
