groob
stefanmaerz
06/20/2019, 2:09 PMzwass
stefanmaerz
06/20/2019, 8:59 PMzwass
stefanmaerz
06/21/2019, 6:11 PMopenssl verify -CAfile ca-cert-DigiCert_Global_Root_CA.pem -untrusted ca-cert-DigiCertSHA2SecureServerCA.pem ssocert.pem
ssocert.pem: OK
ssocert.pem is a properly formatted PEM cert which I pulled from the SSO metadata from my IdP.
I noticed the Digicert's Leaf Cert (DigiCertSHA2SecureServerCA
) isn't in Alpine's /etc/ssl/certs/ca-certificates.crt
which I would expect a Public CA like Digicert to be in already. I digress...
So I followed some instructions on the interwebs and got it included in the ca-certificates.crt
file. However many people are having mixed sucess with Alpine's `update-ca-certificates`: https://github.com/gliderlabs/docker-alpine/issues/30
So I suspect something about update-ca-certificates
isn't behaving properly. 😭zwass
stefanmaerz
06/21/2019, 7:04 PMzwass
stefanmaerz
06/21/2019, 8:18 PMzwass