Forked from nmarchini/gist:6c03f083176f4424817aa725b6c9ac3a
Created September 19, 2023 13:34
AWS SSL Certificate issue --ca-bundle AWS_CA_BUNDLE
This gets around the issue seen below when trying to run AWS CLI commands. Some networking devices that intercept the traffic act as a man in the middle, which can cause this issue.
$ aws s3 ls
SSL validation failed for https://s3.eu-west-1.amazonaws.com/ [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1076)
There are a few ways to fix this. The AWS docs say you can add a ca_bundle line to the ~/.aws/config file, but this didn't work for me as it was being overridden by a global environment variable.
[default]
region = eu-west-1
output = json
ca_bundle = path/to/ca-cert/cacert.pem
From a bash shell, type the command below to see if you have an existing environment variable set:
env | grep AWS_CA_BUNDLE
If nothing comes back, try the config file fix above. If something is set, you may need to override it by setting the variable to point to the correct path.
I did this with the following line in my .bash_profile file.
export AWS_CA_BUNDLE=/path/to/ca-cert/cacert.pem
Restart your shell and try the env command again; it should have been updated.
Then try the AWS commands again and they should work.
References: https://docs.amazonaws.cn/en_us/cli/latest/userguide/cli-configure-files.html#cli-configure-files-global
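An added example, not part of the original gist: a shell helper that reports which CA bundle setting is in effect, following the behaviour described above (the AWS_CA_BUNDLE environment variable overriding ca_bundle in the config file), and checks that the file it points to exists and contains a PEM certificate. The function names are made up for this example; AWS_CONFIG_FILE and AWS_PROFILE are the standard AWS CLI environment variables.

```shell
#!/usr/bin/env bash
# Added example: report which CA bundle setting the AWS CLI will pick up.
# Precedence follows the gist: AWS_CA_BUNDLE (environment) beats ca_bundle (config file).

# Print "env:<path>", "config:<path>" or "none". (Hypothetical helper name.)
effective_ca_bundle() {
    local cfg="${AWS_CONFIG_FILE:-$HOME/.aws/config}"
    local profile="${AWS_PROFILE:-default}"
    local header="[profile $profile]"
    [ "$profile" = "default" ] && header="[default]"
    if [ -n "${AWS_CA_BUNDLE:-}" ]; then
        echo "env:$AWS_CA_BUNDLE"
        return 0
    fi
    if [ -r "$cfg" ]; then
        local path
        path=$(awk -v h="$header" '
            /^\[/ { in_sec = ($0 == h); next }          # track the current section
            in_sec && /^[ \t]*ca_bundle[ \t]*=/ {       # ca_bundle inside our profile
                sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
            }' "$cfg")
        if [ -n "$path" ]; then echo "config:$path"; return 0; fi
    fi
    echo "none"
}

# Succeed only if the bundle is a readable file holding at least one PEM certificate.
bundle_is_usable() {
    [ -r "$1" ] && grep -q -- '-----BEGIN CERTIFICATE-----' "$1"
}

# One-line summary: where the setting comes from and whether the file is usable.
report_ca_bundle() {
    local found path
    found=$(effective_ca_bundle)
    path="${found#*:}"
    case "$found" in
        none) echo "no CA bundle configured; the CLI uses its default trust store" ;;
        *)    if bundle_is_usable "$path"; then echo "OK $found"
              else echo "BROKEN $found (missing, unreadable, or not PEM)"; fi ;;
    esac
}

report_ca_bundle
```

A "BROKEN env:..." result matches the situation in the gist: a stale environment variable is winning over a correct config file entry.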