-
-
Save muhozi/3400a74395eb7ef940551a99a511ece0 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://stackoverflow.com/questions/39356413/how-to-add-a-custom-ca-root-certificate-to-the-ca-store-used-by-pip-in-windows/52961564 | |
| >pip config set global.cert path/to/ca-bundle.crt | |
| >pip config list # user trusted-host | |
| pip.ini or pip.conf | |
| [global] | |
| trusted-host = pypi.python.org | |
| pypi.org | |
| files.pythonhosted.org | |
| cert = /etc/ssl/certs/ca-bundle.crt | |
| (if config is not set, use pip --cert or --trust-host each call) | |
| >conda config --set ssl_verify path/to/ca-bundle.crt (or false to disable) | |
| >conda config --show ssl_verify | |
| >git config --global http.sslVerify true | |
| >git config --global http.sslCAInfo path/to/ca-bundle.crt | |
| >npm config set strict-ssl true -g | |
| >npm config set cafile path/to/ca-bundle.crt -g | |
| >yarn config set strict-ssl true -g | |
| >yarn config set cafile path/to/ca-bundle.crt -g | |
| Docker | |
| #copy custom cert, in current build directory | |
| COPY zscaler-root-ca.crt /usr/local/share/ca-certificates/zscaler-root-ca.crt | |
| # some base image don't have update-ca-certificates | |
| RUN apk update && apk add ca-certificates && rm -rf /var/cache/apk/* | |
| # update-ca-certificates - add the cert to /etc/ssl/certs/ca-certificates.crt bundle | |
| RUN update-ca-certificates | |
| #http://manpages.ubuntu.com/manpages/xenial/man8/update-ca-certificates.8.html | |
| #https://hackernoon.com/alpine-docker-image-with-secured-communication-ssl-tls-go-restful-api-128eb6b54f1f | |
| https://serverfault.com/questions/62496/ssl-certificate-location-on-unix-linux | |
| "/etc/ssl/certs/ca-certificates.crt", // Debian/Ubuntu/Gentoo etc. | |
| "/etc/pki/tls/certs/ca-bundle.crt", // Fedora/RHEL 6 | |
| "/etc/ssl/ca-bundle.pem", // OpenSUSE | |
| "/etc/pki/tls/cacert.pem", // OpenELEC | |
| "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", // CentOS/RHEL 7 | |
| "/etc/ssl/cert.pem", // Alpine Linux | |
| _Linux setup_ | |
| On Fedora/RHEL/CentOS/Debian/Ubuntu I would add it to the OS trust store, and configure yarn to use the OS trust store. This will also make the registry trusted by your browser, and tools like curl/wget, openssl. | |
| Fedora/RHEL/CentOS | |
| Add the CA or self signed certificate to /etc/pki/ca-trust/source/anchors/. | |
| Run sudo update-ca-trust extract. If you use nodejs provided by Red Hat, that's it! | |
| If you have compiled nodejs yourself, or have downloaded nodejs from https://nodejs.org/, you need to configure yarn to use the OS trust store instead of the included static nodejs trust store: | |
| yarn config set cafile /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem | |
| Debian/Ubuntu | |
| This is similar to the instructions for Red Hat Enterprise Linux: | |
| Add your .crt file to /usr/local/share/ca-certificates | |
| sudo update-ca-certificates | |
| yarn config set cafile /etc/ssl/certs/ca-certificates.crt |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment