@dmexs
Last active January 10, 2025 22:01

Custom Root CA Settings

Podman VM (on Mac)

https://github.com/containers/podman/blob/main/docs/tutorials/podman-install-certificate-authority.md

Update System Store (Debian/Ubuntu)

Many package managers, language runtimes, and apps ignore the system store, but updating it is worth doing anyway. The following works in Debian/Ubuntu-based containers. Afterwards the finalized bundle is available at /etc/ssl/certs/ca-certificates.crt, which the settings below reference.

USER root
RUN mkdir /usr/local/share/ca-certificates/extra
COPY certs/*.crt /usr/local/share/ca-certificates/extra/
RUN update-ca-certificates

NodeJS

export NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt

Yarn

yarn config set cafile /etc/ssl/certs/ca-certificates.crt

Python PIP

pip install truststore \
&& pip config set global.use-feature truststore

Python Poetry

Needs to be set for each repository:

poetry config certificates.PyPI.cert /etc/ssl/certs/ca-certificates.crt \
&& poetry config repositories.FPHO https://files.pythonhosted.org \
&& poetry config certificates.FPHO.cert /etc/ssl/certs/ca-certificates.crt \
&& poetry config repositories.Torch https://download.pytorch.org \
&& poetry config certificates.Torch.cert /etc/ssl/certs/ca-certificates.crt

Python Requests

export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt

Insecure Bypass

Not recommended, but sometimes times are desperate. These settings turn off TLS certificate verification.

NodeJS

export NODE_TLS_REJECT_UNAUTHORIZED=0

Yarn

  • yarn config set enableStrictSsl false
  • yarn config set "strict-ssl" false
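
Bypass settings like the ones above tend to outlive the emergency, so here is a check that can run in CI or an image build to flag them. It is an added example, not part of the original gist; the function name audit_tls_bypass and the demo directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the gist. Flags the bypass settings listed above
# and checks that the CA-bundle variables point at a usable PEM file.
# Usage: audit_tls_bypass DIR   (DIR holds .yarnrc / .yarnrc.yml; default ".")
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_tls_bypass() {
    dir=${1:-.}
    findings=0

    # Node.js disables certificate validation when the value is exactly "0".
    if [ "${NODE_TLS_REJECT_UNAUTHORIZED:-}" = "0" ]; then
        echo "env: NODE_TLS_REJECT_UNAUTHORIZED=0"
        findings=$((findings + 1))
    fi

    # Yarn classic stores the setting in .yarnrc as: strict-ssl false
    if [ -f "$dir/.yarnrc" ] &&
        grep -Eq '^[[:space:]]*"?strict-ssl"?[[:space:]]+"?false"?[[:space:]]*$' "$dir/.yarnrc"; then
        echo "$dir/.yarnrc: strict-ssl false"
        findings=$((findings + 1))
    fi

    # Yarn 2+ stores it in .yarnrc.yml as: enableStrictSsl: false
    if [ -f "$dir/.yarnrc.yml" ] &&
        grep -Eq '^[[:space:]]*enableStrictSsl:[[:space:]]*false[[:space:]]*$' "$dir/.yarnrc.yml"; then
        echo "$dir/.yarnrc.yml: enableStrictSsl: false"
        findings=$((findings + 1))
    fi

    # A bundle variable that is set must name a readable file with PEM certs.
    for var in NODE_EXTRA_CA_CERTS REQUESTS_CA_BUNDLE; do
        eval "path=\${$var:-}"
        [ -n "$path" ] || continue
        if [ ! -r "$path" ] || ! grep -q -- '-----BEGIN CERTIFICATE-----' "$path"; then
            echo "env: $var=$path is not a readable PEM bundle"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ]
}

# Constructed demo input: a throwaway directory with a bypass left in .yarnrc.
demo=$(mktemp -d)
printf 'strict-ssl false\n' > "$demo/.yarnrc"
audit_tls_bypass "$demo" || echo "bypass settings found"
rm -rf "$demo"
```

Run it against both the project directory and the home directory, since yarn config set can write to either.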