Using a self-signed SSL cert for an HTTPS-based internal APT repository

I don't use client authentication, only HTTPS, but I only got it to work using this:

Acquire::https {
        Verify-Peer "false";
        Verify-Host "false";
}

I put this into the file, /etc/apt/apt.conf.d/90sslverify.


Recently, I encountered a similar problem. I solved it by adding the SslForceVersion option.

My config is like:

Acquire::https::test.com {
    Verify-Peer "true";
    Verify-Host "true";

    CaInfo "/tmp/ca.crt";

    SslCert "/tmp/client.crt";
    SslKey  "/tmp/client.key";
    SslForceVersion "SSLv3";
};

I solved it in another way, by installing the CA certificate.

  1. Copy your *.crt file to /usr/local/share/ca-certificates/
  2. Run sudo update-ca-certificates

Works with Ubuntu 14.04.


On Ask Ubuntu, I found a somewhat simpler version of this solution, one that limited the option to a single host.

Acquire::https::mirror.ufs.ac.za::Verify-Peer "false";

This worked for me.

The questioner here, however, wanted to preserve authentication; I tried a few things along the above lines, but couldn't make it work either. On the other hand, since my repository is signed and I have installed the signing key, the SSL authentication isn't critical for security.
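
An added check, not part of any of the answers above: a shell function that scans an APT configuration directory for the settings quoted on this page that weaken HTTPS transport checks (Verify-Peer or Verify-Host turned off, SslForceVersion set to SSLv3), in both the nested-scope and the one-line `::` form. The function name audit_apt_tls and the sample files are constructed for this example; it skips only whole-line // comments and also matches APT's other spellings of false.

```shell
#!/bin/sh
# Added example (not from the answers): flag APT settings that weaken HTTPS
# transport checks. Prints "file:line: reason"; returns 1 if anything is found.
audit_apt_tls() {
    dir=$1
    found=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        out=$(awk '
            # APT reads false, no, off, 0, without and disable as "false".
            BEGIN { off = "[ \t]+\"(false|no|off|0|without|disable)\"" }
            /^[ \t]*\/\// { next }          # skip whole-line // comments
            {
                l = tolower($0)             # option names are case-insensitive
                if (l ~ ("verify-peer" off))
                    printf "%s:%d: peer certificate verification disabled\n", FILENAME, FNR
                if (l ~ ("verify-host" off))
                    printf "%s:%d: hostname verification disabled\n", FILENAME, FNR
                if (l ~ /sslforceversion[ \t]+"sslv3"/)
                    printf "%s:%d: transport pinned to SSLv3\n", FILENAME, FNR
            }' "$f")
        if [ -n "$out" ]; then
            printf '%s\n' "$out"
            found=1
        fi
    done
    return "$found"
}

# Constructed sample files that mirror the snippets quoted in the answers.
demo=$(mktemp -d)
cat > "$demo/90sslverify" <<'EOF'
Acquire::https {
        Verify-Peer "false";
        Verify-Host "false";
}
EOF
cat > "$demo/91internal" <<'EOF'
Acquire::https::test.com {
    Verify-Peer "true";
    Verify-Host "true";
    CaInfo "/tmp/ca.crt";
};
EOF
audit_apt_tls "$demo" || echo "weak APT transport settings found"
rm -rf "$demo"
```

On a real system the directory to pass is /etc/apt/apt.conf.d, and a non-zero return can gate a configuration-compliance job.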