I'm trying to install a Vagrant plugin on a corporate network with its own root certificate, but it fails with:
$ vagrant plugin install vagrant-timezone --plugin-source http://rubygems.org
Installing the 'vagrant-timezone' plugin. This can take a few minutes...
...
Could not verify the SSL certificate for https://gems.hashicorp.com/.
There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA certificates needed for verification. For information about OpenSSL certificates, see http://bit.ly/ruby-ssl. To connect without using SSL, edit your Gemfile sources and change 'https' to 'http'.
...
Warning: this Gemfile contains multiple primary sources. Using `source` more than once without a block is a security risk, and may result in installing unexpected gems. To resolve this warning, use a block to indicate which gems should come from the secondary source. To upgrade this warning to an error, run `bundle config disable_multisource true`.
Warning: this Gemfile contains multiple primary sources. Using `source` more than once without a block is a security risk, and may result in installing unexpected gems. To resolve this warning, use a block to indicate which gems should come from the secondary source. To upgrade this warning to an error, run `bundle config disable_multisource true`.
Retrying fetcher due to error (2/4): Bundler::Fetcher::CertificateFailureError Could not verify the SSL certificate for https://gems.hashicorp.com/.
The certificate works fine under the web browsers, but somehow Vagrant doesn't understand these system certificates. I did use http instead of https as above, but this didn't help.
Any other workarounds for such a problem?
Isn't your company intercepting SSL with Blue Coat? Are you using a proxy? If you go to https://gems.hashicorp.com/ in your browser can you see GeoTrust -> RapidSSL -> *.hashicorp.com, or your company certificate? – techraf – 2016-09-09T11:37:05.850

@techraf I think they're intercepting SSL with Blue Coat. All the websites have their own root chain certificates, so it's also happening without any proxy configuration. – kenorb – 2016-09-09T11:40:26.550

So curl https://gems.hashicorp.com/ fails too, right? – techraf – 2016-09-09T11:42:53.697

@techraf Curl works fine, I've managed to work around the issue by editing mixin_install_opts.rb and replacing https with http, quite a dirty workaround. – kenorb – 2016-09-09T11:44:44.387

@techraf Since you mentioned Blue Coat, I assume you're familiar with that app, are you able to answer: What Blue Coat Unified Agent application do? – kenorb – 2016-09-09T13:49:25.440

I wasn't even aware of its existence. I just happened to work in environments with Blue Coat Proxy and encountered similar issues. – techraf – 2016-09-10T00:47:02.013