muhozi · July 15, 2023 00:09 · Oct 30, 2020 · Oct 30, 2020 · Oct 30, 2020 · Oct 30, 2020
diff --git a/cacert note - zscaler - custom cert b/cacert note - zscaler - custom cert
@@ -6,7 +6,7 @@ credit: https://stackoverflow.com/questions/39356413/how-to-add-a-custom-ca-root
     [global]
     trusted-host = pypi.python.org
                    pypi.org
-	                 files.pythonhosted.org
+	           files.pythonhosted.org
     cert = /etc/ssl/certs/ca-bundle.crt
 (if config is not set, use pip --cert or --trust-host each call)
 

diff --git a/cacert note - zscaler - custom cert b/cacert note - zscaler - custom cert
@@ -34,7 +34,8 @@ NPM - two options
 >yarn config set cafile path/to/ca-bundle.crt -g 
 
 
-Docker
+Docker - yarn (same concept for others tool)
+
 #copy custom cert, in current build directory
 COPY zscaler-root-ca.crt /usr/local/share/ca-certificates/zscaler-root-ca.crt
 

diff --git a/cacert note - zscaler - custom cert b/cacert note - zscaler - custom cert
@@ -67,6 +67,7 @@ Run sudo update-ca-trust extract. If you use nodejs provided by Red Hat, that's
 If you have compiled nodejs yourself, or have downloaded nodejs from https://nodejs.org/, you need to configure yarn to use the OS trust store instead of the included static nodejs trust store:
 
 yarn config set cafile /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+
 Debian/Ubuntu
 
 This is similar to the instructions for Red Hat Enterprise Linux:

diff --git a/cacert note - zscaler - custom cert b/cacert note - zscaler - custom cert
@@ -16,9 +16,20 @@ credit: https://stackoverflow.com/questions/39356413/how-to-add-a-custom-ca-root
 >git config --global http.sslVerify true 
 >git config --global http.sslCAInfo path/to/ca-bundle.crt
 
+NPM - two options
+1. using evironment var
+>set npm_config_cafile=/etc/ssl/cert.pem
+2. using config
 >npm config set strict-ssl true -g
 >npm config set cafile path/to/ca-bundle.crt -g
 
+//if npm invoke script to call node directly, npm config is not respected, two workground
+1. disable node TLS check through env var
+>set NODE_TLS_REJECT_UNAUTHORIZED=0
+2. add custom cert through en var
+>set NODE_EXTRA_CA_CERTS=/etc/ssl/cert.pem
+
+
 >yarn config set strict-ssl true -g 
 >yarn config set cafile path/to/ca-bundle.crt -g 
 

diff --git a/cacert note - zscaler - custom cert b/cacert note - zscaler - custom cert
@@ -1,4 +1,4 @@
-https://stackoverflow.com/questions/39356413/how-to-add-a-custom-ca-root-certificate-to-the-ca-store-used-by-pip-in-windows/52961564
+credit: https://stackoverflow.com/questions/39356413/how-to-add-a-custom-ca-root-certificate-to-the-ca-store-used-by-pip-in-windows/52961564
 
 >pip config set global.cert path/to/ca-bundle.crt
 >pip config list  # user trusted-host
@@ -32,9 +32,11 @@ RUN apk update && apk add ca-certificates && rm -rf /var/cache/apk/*
 # update-ca-certificates - add the cert to /etc/ssl/certs/ca-certificates.crt bundle
 RUN update-ca-certificates
 
+credit: 
 #http://manpages.ubuntu.com/manpages/xenial/man8/update-ca-certificates.8.html
 #https://hackernoon.com/alpine-docker-image-with-secured-communication-ssl-tls-go-restful-api-128eb6b54f1f
 
+credit: 
 https://serverfault.com/questions/62496/ssl-certificate-location-on-unix-linux
 "/etc/ssl/certs/ca-certificates.crt",                // Debian/Ubuntu/Gentoo etc.
 "/etc/pki/tls/certs/ca-bundle.crt",                  // Fedora/RHEL 6

diff --git a/cacert note → cacert note - zscaler - custom cert b/cacert note → cacert note - zscaler - custom cert
diff --git a/cacert note b/cacert note
@@ -22,11 +22,18 @@ https://stackoverflow.com/questions/39356413/how-to-add-a-custom-ca-root-certifi
 >yarn config set strict-ssl true -g 
 >yarn config set cafile path/to/ca-bundle.crt -g 
 
+
 Docker
+#copy custom cert, in current build directory
 COPY zscaler-root-ca.crt /usr/local/share/ca-certificates/zscaler-root-ca.crt
-RUN update-ca-certificates
+
+# some base image don't have update-ca-certificates 
+RUN apk update && apk add ca-certificates && rm -rf /var/cache/apk/*
 # update-ca-certificates - add the cert to /etc/ssl/certs/ca-certificates.crt bundle
+RUN update-ca-certificates
+
 #http://manpages.ubuntu.com/manpages/xenial/man8/update-ca-certificates.8.html
+#https://hackernoon.com/alpine-docker-image-with-secured-communication-ssl-tls-go-restful-api-128eb6b54f1f
 
 https://serverfault.com/questions/62496/ssl-certificate-location-on-unix-linux
 "/etc/ssl/certs/ca-certificates.crt",                // Debian/Ubuntu/Gentoo etc.

diff --git a/cacert note b/cacert note
@@ -35,3 +35,22 @@ https://serverfault.com/questions/62496/ssl-certificate-location-on-unix-linux
 "/etc/pki/tls/cacert.pem",                           // OpenELEC
 "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", // CentOS/RHEL 7
 "/etc/ssl/cert.pem",                                 // Alpine Linux
+
+_Linux setup_
+On Fedora/RHEL/CentOS/Debian/Ubuntu I would add it to the OS trust store, and configure yarn to use the OS trust store. This will also make the registry trusted by your browser, and tools like curl/wget, openssl.
+
+Fedora/RHEL/CentOS
+
+Add the CA or self signed certificate to /etc/pki/ca-trust/source/anchors/.
+Run sudo update-ca-trust extract. If you use nodejs provided by Red Hat, that's it!
+
+If you have compiled nodejs yourself, or have downloaded nodejs from https://nodejs.org/, you need to configure yarn to use the OS trust store instead of the included static nodejs trust store:
+
+yarn config set cafile /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+Debian/Ubuntu
+
+This is similar to the instructions for Red Hat Enterprise Linux:
+
+Add your .crt file to /usr/local/share/ca-certificates
+sudo update-ca-certificates
+yarn config set cafile /etc/ssl/certs/ca-certificates.crt
diff --git a/cacert note b/cacert note
@@ -16,11 +16,11 @@ https://stackoverflow.com/questions/39356413/how-to-add-a-custom-ca-root-certifi
 >git config --global http.sslVerify true 
 >git config --global http.sslCAInfo path/to/ca-bundle.crt
 
->npm config -g set strict-ssl true 
->npm config -g set cafile path/to/ca-bundle.crt
+>npm config set strict-ssl true -g
+>npm config set cafile path/to/ca-bundle.crt -g
 
->yarn config -g set strict-ssl true 
->yarn config -g set cafile path/to/ca-bundle.crt
+>yarn config set strict-ssl true -g 
+>yarn config set cafile path/to/ca-bundle.crt -g 
 
 Docker
 COPY zscaler-root-ca.crt /usr/local/share/ca-certificates/zscaler-root-ca.crt

diff --git a/cacert note b/cacert note
@@ -19,8 +19,8 @@ https://stackoverflow.com/questions/39356413/how-to-add-a-custom-ca-root-certifi
 >npm config -g set strict-ssl true 
 >npm config -g set cafile path/to/ca-bundle.crt
 
->yarn config set strict-ssl true 
->yarn config set cafile path/to/ca-bundle.crt
+>yarn config -g set strict-ssl true 
+>yarn config -g set cafile path/to/ca-bundle.crt
 
 Docker
 COPY zscaler-root-ca.crt /usr/local/share/ca-certificates/zscaler-root-ca.crt

diff --git a/cacert note b/cacert note
@@ -1,3 +1,5 @@
+https://stackoverflow.com/questions/39356413/how-to-add-a-custom-ca-root-certificate-to-the-ca-store-used-by-pip-in-windows/52961564
+
 >pip config set global.cert path/to/ca-bundle.crt
 >pip config list  # user trusted-host
     pip.ini or pip.conf

diff --git a/cacert note b/cacert note
@@ -1,17 +1,30 @@
-pip config set global.cert path/to/ca-bundle.crt
-pip config list
+>pip config set global.cert path/to/ca-bundle.crt
+>pip config list  # user trusted-host
+    pip.ini or pip.conf
+    [global]
+    trusted-host = pypi.python.org
+                   pypi.org
+	                 files.pythonhosted.org
+    cert = /etc/ssl/certs/ca-bundle.crt
+(if config is not set, use pip --cert or --trust-host each call)
 
-conda config --set ssl_verify path/to/ca-bundle.crt
-conda config --show ssl_verify
+>conda config --set ssl_verify path/to/ca-bundle.crt (or false to disable)
+>conda config --show ssl_verify
 
-git config --global http.sslVerify true
-git config --global http.sslCAInfo path/to/ca-bundle.crt
+>git config --global http.sslVerify true 
+>git config --global http.sslCAInfo path/to/ca-bundle.crt
+
+>npm config -g set strict-ssl true 
+>npm config -g set cafile path/to/ca-bundle.crt
+
+>yarn config set strict-ssl true 
+>yarn config set cafile path/to/ca-bundle.crt
 
 Docker
 COPY zscaler-root-ca.crt /usr/local/share/ca-certificates/zscaler-root-ca.crt
 RUN update-ca-certificates
 # update-ca-certificates - add the cert to /etc/ssl/certs/ca-certificates.crt bundle
-
+#http://manpages.ubuntu.com/manpages/xenial/man8/update-ca-certificates.8.html
 
 https://serverfault.com/questions/62496/ssl-certificate-location-on-unix-linux
 "/etc/ssl/certs/ca-certificates.crt",                // Debian/Ubuntu/Gentoo etc.

diff --git a/cacert note b/cacert note
@@ -0,0 +1,22 @@
+pip config set global.cert path/to/ca-bundle.crt
+pip config list
+
+conda config --set ssl_verify path/to/ca-bundle.crt
+conda config --show ssl_verify
+
+git config --global http.sslVerify true
+git config --global http.sslCAInfo path/to/ca-bundle.crt
+
+Docker
+COPY zscaler-root-ca.crt /usr/local/share/ca-certificates/zscaler-root-ca.crt
+RUN update-ca-certificates
+# update-ca-certificates - add the cert to /etc/ssl/certs/ca-certificates.crt bundle
+
+
+https://serverfault.com/questions/62496/ssl-certificate-location-on-unix-linux
+"/etc/ssl/certs/ca-certificates.crt",                // Debian/Ubuntu/Gentoo etc.
+"/etc/pki/tls/certs/ca-bundle.crt",                  // Fedora/RHEL 6
+"/etc/ssl/ca-bundle.pem",                            // OpenSUSE
+"/etc/pki/tls/cacert.pem",                           // OpenELEC
+"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", // CentOS/RHEL 7
+"/etc/ssl/cert.pem",                                 // Alpine Linux
No results found