How to use/debug Debian preseed with SSL using Startssl Certs

debian ssl preseed

preseeding work perfect for me using:

auto url=http://mydomain.com/preseed.cfg

but as soon as i use a https connection, it doesn't work any more.

auto url=https://mydomain.com/preseed.cfg

with wget i can download the preseed file without a problem, with lynx i get an 

"SSL-Error:no issuer was found"

so it looks like a cert problem, i use startssl.com to generate my free certs, nginx acts as ssl webserver (no problem accessing the https site with firefox).

how to debug this? how to force to get the file over the ssl connection?


The problem is that the wget from busybox is not compiled to support SSL. And there are no Certificate Authorities stored in d-i (so it really can't validate the server certificate).

The solution would be to add real wget into the initrd and add a trusted Certificate Authority.


@alekibango and @bahamat are correct, wget from busybox is not compiled to support SSL. But as of 2014, you can enable the --no-check-certificate parameter via the boot parameter:

debian-installer/allow_unauthenticated_ssl=true

I had to do this for Ubuntu 16.04 Xenial.

I found this information at: https://bugs.launchpad.net/ubuntu/+source/debian-installer/+bug/833994#yui_3_10_3_1_1504942623880_1343

Related

Ganeti master IP and cluster name
Linux :: Shared aliases in /etc/profile.d not applied to root user, why?
RemoteIpValve not doing it's job
Puppet: Checking sets of variables
find page size and number of pages of a process in linux
If fiber runs 1gig fine, are there any concerns when considering upgrading to 10gig transceivers?
VirtualBox: vboxsf filesystem wrongly detected as readonly?
Do I need to zero-fill a qcow2 image before compacting it?
Phantom NIC issue causing eth0/1 to drop out
Directory with read and write for a user is permission denied, but fine with execute permissions
How to measure server power consumption?
Clock is 10% faster than normal