OpenShift Pods or Builds Do Not Trust System Certificates
Issue
- We have a corporate inspecting proxy that uses an internally signed certificate.
- All web traffic must pass through this proxy and since it's content inspecting, all web traffic ends up signed with this internal certificate
- I've put our internal root CA chain into the ca-trust on every node but now the actual builds are also failing for the sample JS and Python apps
npm ERR! code UNABLE_TO_VERIFY_LEAF_SIGNATURE
npm ERR! unable to verify the first certificate
npm ERR!
npm ERR! If you need help, you may report this error at:
npm ERR! <https://github.com/npm/npm/issues>;
npm ERR! Please include the following file with any support request:
npm ERR! /opt/app-root/src/npm-debug.log
error: build error: non-zero (13) exit code from registry.access.redhat.com/rhscl/nodejs-6-rhel7@sha256:65d0bcbfd601587ca17f231b324a851d86566ea5938a3ca1467344f3aeb49299
- How can I get an internal root CA to be trusted? (or SSL connections to be insecure?)
Cloning "https://github.com/openshift/django-ex.git" ...
. . .
---> Installing dependencies ...
Collecting django<1.12,>=1.11 (from -r requirements.txt (line 1))
Could not find a version that satisfies the requirement django<1.12,>=1.11 (from -r requirements.txt (line 1)) (from versions: )
No matching distribution found for django<1.12,>=1.11 (from -r requirements.txt (line 1))
error: build error: non-zero (13) exit code from registry.access.redhat.com/rhscl/python-35-rhel7@sha256:b6a0b374557448025afc592959254610f402434730d4f3616d3bf081e50f8453
Environment
- Red Hat OpenShift Container Platform
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
