Unsolved
1 Rookie
•
7 Posts
0
87
November 11th, 2024 10:37
linux.dell.com repositories unusable due to missing CA certs on Linux systems
Hi,
Dell seems to have updated the certs of https://linux.dell.com recently. That would not normally be an issue, but the new cert is signed by "DigiCert Global G2 TLS RSA SHA256 2020 CA1" and this cert is not included in the ca bundle that major distros come with. It seems like browsers (Chrome and Firefox at least) do trust that CA, but even the latest CentOS/Rocky/Fedora/Ubuntu do not. Obviously, this breaks DSU and maybe some other things.
Would it be possible for Dell to roll back to the old certificate? I feel like this is a quicker fix than waiting for a ca-certificates update from multiple upstreams.
Thank you
No Events found!
user90943
1 Rookie
•
7 Posts
0
November 11th, 2024 10:43
The forum does not let me post URLs it seems. To reproduce:
While this works:
# docker run -ti centos bash -c "curl -sS https colon slash slash cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt.pem >>/etc/ssl/certs/ca-bundle.crt; curl https colon slash slash linux.dell.com" | grep TITLE
<TITLE>Dell - Dell Linux - Community Web</TITLE>
(edited)
user90943
1 Rookie
•
7 Posts
0
November 11th, 2024 10:48
This does not work:
# docker run -ti centos curl https colon slash slash linux.dell.com
curl: (60) SSL certificate problem: unable to get local issuer certificate
This works:
# docker run -ti centos bash -c "curl -sS https colon slash slash cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt.pem >>/etc/ssl/certs/ca-bundle.crt; curl https colon slash slash linux.dell.com" | grep TITLE
<TITLE>Dell - Dell Linux - Community Web</TITLE>
user90943
1 Rookie
•
7 Posts
0
November 11th, 2024 15:17
Something is really weird with this website, I struggled to get any comments posted and then it took it three times. Oh well...