SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain) (https://gems.hashicorp.com/specs.4.8.gz)
Vagrant version
Vagrant 2.2.19
Host operating system
Microsoft Windows [Version 10.0.19042.1645]
Guest operating system
NA
Vagrantfile
Note: Included whole vagrantfile because I don't know what is relevant to the issue.
```ruby
# -*- mode: ruby -*-
# vi: set ft=ruby :

# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
VAGRANTFILE_API_VERSION = "2"

Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  os = "generic/ubuntu2004"
  net_ip = "192.168.50"

  config.vm.define :master, primary: true do |master_config|
    master_config.vm.provider "virtualbox" do |vb|
      vb.memory = "2048"
      vb.cpus = 1
      vb.name = "master"
    end

    master_config.vm.box = "#{os}"
    master_config.vm.host_name = 'saltmaster.local'
    master_config.vm.network "private_network", ip: "#{net_ip}.10"
    master_config.vm.synced_folder "saltstack/salt/", "/srv/salt"
    master_config.vm.synced_folder "saltstack/pillar/", "/srv/pillar"
    # Skips TLS certificate verification when downloading the box.
    master_config.vm.box_download_insecure = true

    master_config.vm.provision :salt do |salt|
      salt.master_config = "saltstack/etc/master"
      salt.master_key = "saltstack/keys/master_minion.pem"
      salt.master_pub = "saltstack/keys/master_minion.pub"
      salt.minion_key = "saltstack/keys/master_minion.pem"
      salt.minion_pub = "saltstack/keys/master_minion.pub"
      salt.seed_master = {
        "minion1" => "saltstack/keys/minion1.pub",
        "minion2" => "saltstack/keys/minion2.pub"
      }
      salt.install_type = "stable"
      salt.install_master = true
      salt.no_minion = true
      salt.verbose = true
      salt.colorize = true
      salt.bootstrap_options = "-P -c /tmp -x python3"
    end
  end

  [
    ["minion1", "#{net_ip}.11", "1024", os ],
    ["minion2", "#{net_ip}.12", "1024", os ],
  ].each do |vmname,ip,mem,os|
    config.vm.define "#{vmname}" do |minion_config|
      minion_config.vm.provider "virtualbox" do |vb|
        vb.memory = "#{mem}"
        vb.cpus = 1
        vb.name = "#{vmname}"
      end

      minion_config.vm.box = "#{os}"
      minion_config.vm.hostname = "#{vmname}"
      minion_config.vm.network "private_network", ip: "#{ip}"

      minion_config.vm.provision :salt do |salt|
        salt.minion_config = "saltstack/etc/#{vmname}"
        salt.minion_key = "saltstack/keys/#{vmname}.pem"
        salt.minion_pub = "saltstack/keys/#{vmname}.pub"
        salt.install_type = "stable"
        salt.verbose = true
        salt.colorize = true
        salt.bootstrap_options = "-P -c /tmp -x python3"
      end
    end
  end
end
```
Debug output
https://gist.github.com/MichalKalita2/d89a9a18394f5f69e340c9dceb98ad04
Expected behavior
Here is a link to show what should have happened, https://github.com/UtahDave/salt-vagrant-demo.
Actual behavior
What actually happened? When I ran vagrant plugin install vagrant-vbguest, it gave me this:

```
Installing the 'vagrant-vbguest' plugin. This can take a few minutes...
ERROR: SSL verification error at depth 1: self signed certificate in certificate chain (19)
ERROR: Root certificate is not trusted (/CN=WWD SSL CA/O=WWD/OU=ITSEC/L=Chicago/ST=IL/C=US)
Vagrant failed to load a configured plugin source. This can be caused by a variety of issues including: transient connectivity issues, proxy filtering rejecting access to a configured plugin source, or a configured plugin source not responding correctly. Please review the error message below to help resolve the issue:

SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain) (https://gems.hashicorp.com/specs.4.8.gz)

Source: https://gems.hashicorp.com/
```
Steps to reproduce
1. Install Vagrant on Company Laptop
2. run vagrant plugin install vagrant-vbguest
3. receive error
References
- https://github.com/hashicorp/vagrant/issues/11548
- https://github.com/hashicorp/vagrant/issues/9309
I found one way to fix the issue. You need to find your server's certificate code/hash and paste into the cacert.pem file, following the .pem syntax. If on Windows, don't use Notepad as that can append extra unwanted terminal characters; instead use Notepad++ to edit the .pem file. Windows 10 does not have access to vars such as SSL_CERT_FILE or CURL_CA_BUNDLE so don't even bother, these are most likely Linux exclusive things.
There is a way to disable SSL verification by placing :ssl_verify_mode: 0 in ~/.gemrc. @chrisroberts mentioned that the latest (at that time) version should have that functionality working, but that does not appear to be the case. My corp network places an SSL cert on the proxy causing this error. Placing :ssl_verify_mode: 0 in ~/.gemrc does nothing.
As mentioned in the previous comment, appending the corporate certificate contents to Vagrant's cacert.pem file as suggested here worked.
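The fix described in the two comments above (appending the corporate root to Vagrant's cacert.pem), worked through as an added example that is not code from this thread or from Vagrant. It accepts only an unexpired, self-signed CA certificate that the bundle lacks, writes it back as clean PEM, and lets you confirm that verification fails with error 19 before the append and passes after it. The certificates, host names and helper functions are constructed for illustration.

```ruby
require "openssl"

PEM_BLOCK = /-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m

# Parse every certificate in a PEM bundle, ignoring text between the blocks.
def bundle_certs(pem_text)
  pem_text.scan(PEM_BLOCK).map { |blk| OpenSSL::X509::Certificate.new(blk) }
end

# Append candidate_pem only if it is an unexpired, self-signed CA certificate
# that the bundle does not already contain. Returns [bundle_text, status].
def append_root(bundle_text, candidate_pem)
  cert = OpenSSL::X509::Certificate.new(candidate_pem)
  bc = cert.extensions.find { |e| e.oid == "basicConstraints" }
  return [bundle_text, :not_a_ca] unless bc && bc.value.include?("CA:TRUE")
  self_signed = cert.subject.to_der == cert.issuer.to_der && cert.verify(cert.public_key)
  return [bundle_text, :not_self_signed] unless self_signed
  return [bundle_text, :expired] if cert.not_after < Time.now
  return [bundle_text, :already_present] if bundle_certs(bundle_text).any? { |c| c.to_der == cert.to_der }
  # to_pem re-encodes with plain LF line endings, so no editor artifacts survive.
  [bundle_text.rstrip + "\n\n# added: #{cert.subject}\n" + cert.to_pem, :appended]
end

# Verify leaf as a TLS client would, trusting only the bundle; presented_chain is
# what the intercepting proxy sends. Returns [ok, OpenSSL verify error code].
def verify_with_bundle(bundle_text, leaf, presented_chain)
  store = OpenSSL::X509::Store.new
  bundle_certs(bundle_text).each { |c| store.add_cert(c) }
  [store.verify(leaf, presented_chain), store.error]
end

# Constructed sample data: a throwaway certificate signed by issuer_key.
def sample_cert(cn, key, issuer, issuer_key, ca)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = ca ? 1 : 2
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ext = OpenSSL::X509::ExtensionFactory.new.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true)
  cert.add_extension(ext)
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
end

ROOT_KEY = OpenSSL::PKey::RSA.new(2048)
ROOT = sample_cert("Constructed Corp Root", ROOT_KEY, nil, ROOT_KEY, true)
LEAF = sample_cert("gems.example.test", OpenSSL::PKey::RSA.new(2048), ROOT, ROOT_KEY, false)
```

Calling `verify_with_bundle(bundle, LEAF, [ROOT])` before and after `append_root(bundle, ROOT.to_pem)` shows the change in trust while certificate verification stays enabled.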
Hi there,
This can be resolved by your company's IT team allowing access to rubygems.org or by disabling ssl verification as mentioned above.
Cheers!