SSL connection from GNS3 Docker through corporate security
Corporate security has become very restrictive. A joke is that even the Pearson VUE connection test is failing from my corp laptop. One of the recent issues I had came up when I started the Practical Python Cisco Network Automation chapter from the INE CCNP learning path. The built-in Docker network automation container in GNS3 wasn't connecting, returning "failed to verify certificate: x509: certificate: certificate signed by unknown authority." in the logs.
The first help came from here: https://forums.docker.com/t/tls-failed-to-verify-certificate-x509/137486, with two commands that check the connection and show the certificate chain.
curl -vvvv https://registry-1.docker.io
openssl s_client -showcerts -connect registry-1.docker.io:443 </dev/null | more
Those clearly indicated that there is an issue with the certificate and that there is something in the chain that shouldn't be there: Cloud Services Root CA by BlueCoat Systems. The solution came from here: https://johnpfield.wordpress.com/2015/03/18/get-me-out-of-here/ and it's simple:
- Download a Bluecoat certificate. I went to a local Certificate Manager and got a DER file
- Upload file to GNS3 VM
- Convert DER to PEM
- Upload to the trust store (see below)
- Add a link to the new cert (see below)
$ sudo mv ~/mitm-ca-cert.pem /usr/local/share/ca-certificates/mitm-ca-cert.pem
$ sudo chown root:root /usr/local/share/ca-certificates/mitm-ca-cert.pem
$ sudo chmod 644 /usr/local/share/ca-certificates/mitm-ca-cert.pem
$ cd /usr/local/share/ca-certificates
$ sudo c_rehash .
$ cd /etc/ssl/certs
$ sudo ln -s /usr/local/share/ca-certificates/mitm-ca-cert.pem
$ sudo c_rehash .
Once GNS3 was rebooted, all looked fine and dandy.
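The "Convert DER to PEM" step has no command in the post, and a root CA added to the trust store can sign for any site, so it is worth vetting the file first. The script below is an added example, not part of the original post: it converts the DER file and keeps the PEM only if it is a CA certificate whose SHA-256 fingerprint matches one obtained from the IT department. The function names, the file name bluecoat.der and the expected-fingerprint argument are assumptions.

```shell
#!/bin/sh
# Added example: vet a DER-encoded CA certificate before trusting it.
# Function names and the EXPECTED_FP argument are hypothetical.

# der_to_pem DER_FILE PEM_FILE: the "Convert DER to PEM" step.
der_to_pem() {
    openssl x509 -inform DER -in "$1" -outform PEM -out "$2" 2>/dev/null
}

# cert_fingerprint PEM_FILE: print the SHA-256 fingerprint (AA:BB:...).
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# is_ca_cert PEM_FILE: succeed only if basicConstraints says CA:TRUE.
is_ca_cert() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# prepare_ca DER_FILE PEM_FILE EXPECTED_FP
# Returns 0 and leaves PEM_FILE in place only if every check passes.
prepare_ca() {
    if ! der_to_pem "$1" "$2"; then
        echo "not a DER certificate: $1" >&2; rm -f "$2"; return 1
    fi
    if ! is_ca_cert "$2"; then
        echo "not a CA certificate: $1" >&2; rm -f "$2"; return 2
    fi
    actual=$(cert_fingerprint "$2")
    if [ "$actual" != "$3" ]; then
        echo "fingerprint mismatch, got $actual" >&2; rm -f "$2"; return 3
    fi
    # Show what is about to be trusted.
    openssl x509 -in "$2" -noout -subject -issuer -enddate
}

# Usage (constructed file names): sh vet-ca.sh bluecoat.der mitm-ca-cert.pem 'AA:BB:...'
if [ "$#" -eq 3 ]; then
    prepare_ca "$@"
fi
```

After the trust-store steps, rerunning the openssl s_client command from earlier in the post confirms whether the chain now verifies.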