I'm having trouble running Vagrant commands behind a corporate proxy server and self-signed CA certificates. I configured the environment variables variables HTTP_PROXY, HTTPS_PROXY and HTTP_NO_PROXY.
I have a Java keystore that contains all corporate certificates. I used the -exportcert parameter of the keytool command with many options. I also used the openssl command with numerous options and without any success I placed the resulting files in several places inside the Ruby built-in directories in the Vagrant installation.
I read a lot of sites containing Ruby and curl configuration information, but had no success in getting Vagrant teams to work. All the posts I found focus on Ruby and curl options that I don’t understand how to use with Vagrant, which includes Ruby as a built-in component of Vagrant.
Please provide instructions on how to correctly export certificates from the Java keystore and possibly convert them and put the resulting files so that Vagrant can successfully communicate through a corporate proxy on the Internet.
Vagrant 1.9.5 on Windows 7
Vagrant C installation directory: \ Apps \ Vagrant \
C:\WorkArea> vagrant plugin install vagrant.proxyconf
ERROR: SSL verification error at depth 3: self signed certificate in certificate chain (19)
ERROR: Root certificate is not trusted (/C=US/O=xxx xxx/OU=xxx xxx Certification Authority/CN=xxx xxx Root Certification Authority 01 G2)
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://api.rubygems.org/specs.4.8.gz)
C:\WorkArea> vagrant up
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Box 'puppetlabs/ubuntu-16.04-64-puppet' could not be found. Attempting to find and install...
default: Box Provider: virtualbox
default: Box Version: >= 0
The box 'puppetlabs/ubuntu-16.04-64-puppet' could not be found or
could not be accessed in the remote catalog. If this is a private
box on HashiCorp Atlas, please verify you're logged in via
`vagrant login`. Also, please double-check the name. The expanded
URL and error message are shown below:
URL: ["https://atlas.hashicorp.com/puppetlabs/ubuntu-16.04-64-puppet"]
Error: SSL certificate problem: self signed certificate in certificate chain
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl verification of the certificate, use
the -k (or --insecure) option.
source
share