Hello,--I am trying to run:
vagrant box update --box ubuntu/trusty64
from a macOS machine running behind Websense. I am taking the following error:
There was an error while downloading the metadata for this box.
The error message is shown below:
SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.
HTTPS-proxy has similar options --proxy-cacert and --proxy-insecure.We assume the issue is that Websense is terminating SSL, inspecting the traffic and then injecting it's own certificate before passing the traffic along. Websense's certificate isn't recognized by curl and rejected. Using the --insecure option does resolve the problem. I would prefer to not use --insecure, and adding Websense's cert to the list of trusted certs isn't an option either. What I can do is have IP's whitelisted in Websense so that their SSL isn't interfered with. I am having a hard time tracking down all the IP's Vagrant is hitting behind scenes, and was hoping there was some documentation somewhere detailing which IP's need to be whitelisted to work with Websense?Thanks,Alex
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
GitHub Issues: https://github.com/mitchellh/vagrant/issues
IRC: #vagrant on Freenode
---
You received this message because you are subscribed to the Google Groups "Vagrant" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vagrant-up+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vagrant-up/7ccf979c-ab52-4486-a724-762faa5fcf9a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.