在使用容器訪問一個自簽名證書站點的時候碰到如下報錯:
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
解決方法:將該證書加到Docker鏡像中,讓系統信任這類證書
我使用的是基於alpine的鏡像,Dockerfile如下
FROM ruby:2.6.3-alpine3.10
RUN apk update \
&& apk add --no-cache curl ca-certificates bash
RUN mkdir -p /usr/local/share/ca-certificates/
COPY ["SelfSignedRootCA.crt","/usr/local/share/ca-certificates"]
RUN ["/bin/bash","-lc","update-ca-certificates"]
build鏡像過程中看到如下提醒,可以忽略
WARNING: ca-certificates.crt does not contain exactly one certificate or CRL: skipping
啓動並進入容器內檢查cat /etc/ssl/certs/ca-certificates.crt
,自簽名證書已經被加入ca-certificates.crt文件,系統已信任該證書。