我正在尝试在Ubuntu 14.04 VM上安装Spinnaker(使用Halyard),使用这些安装说明 。
运行InstallHalyard.sh脚本后,在输出中看到以下错误:
Err https://dl.bintray.com trusty-stable/spinnaker amd64 Packages server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none Err https://dl.bintray.com trusty-stable/spinnaker i386 Packages server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none Ign https://dl.bintray.com trusty-stable/spinnaker Translation-en_CA Ign https://dl.bintray.com trusty-stable/spinnaker Translation-en W: Failed to fetch https://dl.bintray.com/spinnaker-releases/debians/dists/trusty-stable/spinnaker/binary-amd64/Packages server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none W: Failed to fetch https://dl.bintray.com/spinnaker-releases/debians/dists/trusty-stable/spinnaker/binary-i386/Packages server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
然后最后E: Unable to locate package spinnaker-halyard失败。
我的第一个想法是,我的虚拟机上的date/时间不同步,但它似乎是同步的。 我有NTP安装和运行。
myuser@spinnaker-test:~$ date Tue Nov 14 06:18:55 EST 2017
当我查看证书的到期date时,我看到我的虚拟机上的date/时间在这个范围内。
myuser@spinnaker-test:~$ echo | openssl s_client -servername dl.bintray.com -connect dl.bintray.com:443 2>/dev/null | openssl x509 -noout -dates notBefore=Nov 9 00:00:00 2017 GMT notAfter=Nov 9 23:59:59 2019 GMT
当我查看证书本身时,看起来是正确的,由输出底部的Verify return code: 0 (ok)指示。
myuser@spinnaker-test:~$ openssl s_client -connect dl.bintray.com:443 -showcerts -CAfile /etc/ssl/certs/ca-certificates.crt CONNECTED(00000003) depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA verify return:1 depth=1 C = US, O = GeoTrust Inc., OU = Domain Validated SSL, CN = GeoTrust DV SSL CA - G3 verify return:1 depth=0 CN = *.bintray.com verify return:1 --- Certificate chain 0 s:/CN=*.bintray.com i:/C=US/O=GeoTrust Inc./OU=Domain Validated SSL/CN=GeoTrust DV SSL CA - G3 -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- 1 s:/C=US/O=GeoTrust Inc./OU=Domain Validated SSL/CN=GeoTrust DV SSL CA - G3 i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- --- Server certificate subject=/CN=*.bintray.com issuer=/C=US/O=GeoTrust Inc./OU=Domain Validated SSL/CN=GeoTrust DV SSL CA - G3 --- No client certificate CA names sent --- SSL handshake has read 4256 bytes and written 421 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES128-GCM-SHA256 ... Start Time: 1510658139 Timeout : 300 (sec) Verify return code: 0 (ok) ---
我试图更新可信任的证书存储,但仍然是同样的问题。
sudo update-ca-certificates
我也尝试重新安装所有的证书,但仍然是同样的问题。
sudo apt-get install --reinstall ca-certificates
我search了类似的问题在networking上的一些不同的网站,但似乎没有任何工作。 上周我做了这个工作,使用了相同的步骤。 甚至尝试重build虚拟机。
由于该证书看起来像是在2017年11月9日更新的,也许有一个正在使用的caching证书? 任何SSL专家证书可以帮助吗?