我在公司代理服务器和自签名CA证书后面执行Vagrant命令时遇到问题。我已经配置了环境变量HTTP_PROXY,HTTPS_PROXY和HTTP_NO_PROXY变量。

我有一个包含所有公司证书的Java密钥库。我已经将keytool命令的-exportcert选项与许多选项一起使用了。我还使用了带有许多选项的openssl命令,并将生成的文件放在Vagrant安装的嵌入式Ruby目录中的多个位置,但未成功。

我读过很多站点,这些站点包含有关配置Ruby和curl的信息,但是在使Vagrant命令正常工作方面没有取得任何成功。我所找到的所有帖子都集中在Ruby和curl选项上,这些我不了解如何与Vagrant一​​起使用,其中包括将Ruby作为Vagrant的嵌入式组件。

请提供有关如何从Java密钥库正确导出证书以及有选择地转换证书和放置生成的文件的说明,以便Vagrant能够成功地通过公司代理与Internet通信。

Windows 7上的Vagrant 1.9.5

Vagrant 安装目录C:\ Apps \ Vagrant \

C:\WorkArea> vagrant plugin install vagrant.proxyconf

ERROR:  SSL verification error at depth 3: self signed certificate in certificate chain (19)
ERROR:  Root certificate is not trusted (/C=US/O=xxx xxx/OU=xxx xxx Certification Authority/CN=xxx xxx Root Certification Authority 01 G2)
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://api.rubygems.org/specs.4.8.gz)

C:\WorkArea> vagrant up

Bringing machine 'default' up with 'virtualbox' provider...
==> default: Box 'puppetlabs/ubuntu-16.04-64-puppet' could not be found. Attempting to find and install...
    default: Box Provider: virtualbox
    default: Box Version: >= 0
The box 'puppetlabs/ubuntu-16.04-64-puppet' could not be found or
could not be accessed in the remote catalog. If this is a private
box on HashiCorp's Atlas, please verify you're logged in via
`vagrant login`. Also, please double-check the name. The expanded
URL and error message are shown below:
URL: ["https://atlas.hashicorp.com/puppetlabs/ubuntu-16.04-64-puppet"]
Error: SSL certificate problem: self signed certificate in certificate chain
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.

最佳答案

您没有说明已采取什么步骤来尝试解决此问题,但似乎您没有将根证书放在correct location中。

转到安装Vagrant的目录,找到文件embedded\cacert.pem,然后将公司证书的内容附加到该文件。保存它,然后重试该操作。如果您正确导出了根CA证书,那么Vagrant应该读取它们并允许连接。

如果仍然无法通过合并文件来使其工作,请尝试在环境中运行vagrantSSL_CERT_FILE=/path/to/your/certs.pem。这将使您能够验证是否已正确导出公司证书。

关于ruby - 配置 Vagrant CA证书,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/45475023/

10-16 11:07