Alpine Image Certificate issue - tls_post_process_server_certificate:certificate verify failed

I’m trying to build an Alpine image that includes my organization’s CA certificate, but I’m encountering issues when attempting to install curl using apk add. The installation fails, although I can access .tar files over HTTPS without any problems.

Here’s the sequence of commands and output I’m seeing:

/usr/local/share # update-ca-certificates
WARNING: ca-cert-my-cert.pem does not contain exactly one certificate or CRL: skipping
WARNING: ca-cert-my-cert-trust.pem does not contain exactly one certificate or CRL: skipping
/usr/local/share # ls
ca-certificates  perl5  test
/usr/local/share # apk add curl
fetch https://dl-cdn.alpinelinux.org/alpine/v3.20/main/x86_64/APKINDEX.tar.gz
28BB7CAA0C7F0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:2091:
WARNING: updating and opening https://dl-cdn.alpinelinux.org/alpine/v3.20/main: Permission denied
fetch https://dl-cdn.alpinelinux.org/alpine/v3.20/community/x86_64/APKINDEX.tar.gz
28BB7CAA0C7F0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:2091:
WARNING: updating and opening https://dl-cdn.alpinelinux.org/alpine/v3.20/community: Permission denied
OK: 99 MiB in 103 packages
/usr/local/share # curl https://dl-cdn.alpinelinux.org/alpine/v3.20/community
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.27.1</center>
</body>
</html>
/usr/local/share # curl -o /tmp/test.tar https://dl-cdn.alpinelinux.org/alpine/v3.20/main/x86_64/APKINDEX.tar.gz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  461k  100  461k    0     0   584k      0 --:--:-- --:--:-- --:--:--  584k
/usr/local/share #

It appears that there may be an issue with the SSL certificate verification during the apk add process, even though I can access the URLs directly with curl . Has anyone experienced similar issues or have suggestions on how to resolve this?

You are trying this in a corporate network that requires a proxy to connect to the Internet?

The error message indicates that the certificates have not been added, and even says why it didn’t add them. It seems it accepts exactly one certificate per pem file.

yes im trying to install packages with https but i can curl with https

 curl -o /tmp/test.tar https://dl-cdn.alpinelinux.org/alpine/v3.20/main/x86_64/APKINDEX.tar.gz

im facing this issue only in alpine images

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.