While the Let's Encrypt root certificate ISRG_Root_X1.crt is already
present, openssl seems to still check for the root certificate
DST_Root_CA_X3.crt which has expired. This prevent https connections.
Removing DST_Root_CA_X3 fix the issue.
Signed-off-by: Anthony PERARD <anthony.per...@citrix.com>
---
Notes:
v3:
- remove change to Debian Jessie containers, as we won't use them with
HTTPS urls.
v2:
- remove unneeded changes to CentOS containers
automation/build/ubuntu/trusty.dockerfile | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/automation/build/ubuntu/trusty.dockerfile
b/automation/build/ubuntu/trusty.dockerfile
index b298a515c6..22e294c20c 100644
--- a/automation/build/ubuntu/trusty.dockerfile
+++ b/automation/build/ubuntu/trusty.dockerfile
@@ -47,3 +47,8 @@ RUN apt-get update && \
apt-get autoremove -y && \
apt-get clean && \
rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/*
+
+# Remove expired certificate that Let's Encrypt certificates used to relie on.
+# (Not needed anymore)
+RUN sed -i 's#mozilla/DST_Root_CA_X3\.crt#!\0#' /etc/ca-certificates.conf && \
+ update-ca-certificates
--
Anthony PERARD
