Ercan Ermis

SSL CA Problem on CentOS7 Docker and Solution

Posted on March 8, 2022 by Ercan

When I’m playing with the CentOS7 Docker image on a MacBook Pro M1, it looks like it doesn’t connect to servers which require an HTTPS connection.

For example, when I run the yum -y update command, it returns curl: (77) Problem with the SSL CA cert (path? access rights?). Hmm, it looks like an OS bug because my ca-certificates are okay.

I tried to send a GET request via curl and it looks like it doesn’t work.

$ curl -vvv https://google.com
* About to connect() to google.com port 443 (#0)
* Trying 216.58.212.142 ...
* Connected to github.com (216.58.212.142) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* Closing connection 0
curl: (77) Problem with the SSL CA cert (path? access rights?)

wget also doesn’t work with HTTPS connections. I did some research online and saw that it’s a real bug. Here are the details: https://bugs.centos.org/view.php?id=16282

The Solution

$ touch "/etc/sysconfig/64bit_strstr_via_64bit_strstr_sse2_unaligned"

Yes, that’s it. We just need this file to run TCP connections securely. Here are the results after the solution.

$ curl -I https://google.com
HTTP/2 301
location: https://www.google.com/
content-type: text/html; charset=UTF-8
date: Tue, 08 Mar 2022 08:16:51 GMT
expires: Tue, 08 Mar 2022 08:16:51 GMT
cache-control: private, max-age=2592000
server: gws
content-length: 220
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: CONSENT=PENDING+370; expires=Thu, 07-Mar-2024 08:16:51 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

It is also a mystery that it is reproduced only on the M1 machine so far. But for the time being, I was able to identify the cause, and it’s okay to reach the goal, right?
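
curl error 77 normally means the CA bundle really is missing or unreadable, so it is worth confirming the trust store is intact before creating the flag file. The script below is an added example, not part of the original post: the function names and the ROOT argument are hypothetical, the flag path is the one from the post, and the bundle path assumes the CentOS 7 default location.

```shell
#!/bin/sh
# Added example: check the CA bundle, then apply the post's flag-file
# workaround idempotently. ROOT is a hypothetical argument: "/" for a real
# container, or a scratch directory when testing.

# Flag file from the post.
FLAG_REL="etc/sysconfig/64bit_strstr_via_64bit_strstr_sse2_unaligned"
# CentOS 7 default CA bundle location (assumed; adjust for a customised image).
BUNDLE_REL="etc/pki/tls/certs/ca-bundle.crt"

# ca_bundle_ok ROOT
# Succeeds only if the bundle is readable, non-empty and holds at least one
# PEM certificate. A failure here is a genuine cause of curl error 77.
ca_bundle_ok() {
    bundle="${1%/}/$BUNDLE_REL"
    [ -r "$bundle" ] && [ -s "$bundle" ] &&
        grep -q -- '-----BEGIN CERTIFICATE-----' "$bundle"
}

# apply_workaround ROOT
# Prints "created" or "already-present" and returns 0 on success.
# Returns 2 without touching anything if the CA bundle itself is broken,
# so the flag file never hides a real trust-store problem.
apply_workaround() {
    root="${1%/}"
    if ! ca_bundle_ok "$root"; then
        echo "CA bundle missing or unreadable: fix ca-certificates first" >&2
        return 2
    fi
    flag="$root/$FLAG_REL"
    if [ -e "$flag" ]; then
        echo "already-present"
        return 0
    fi
    mkdir -p "$(dirname "$flag")" && : > "$flag" && echo "created"
}
```

Calling apply_workaround / inside the container performs the same step as the touch command above, and it can run in an image build before the first yum step.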
