Ask Your Question

Docker image build SSL error

asked 2019-02-14 09:57:20 -0600

rwetzeler gravatar image

I'm having issues with the docker image build in which case I'm running :

# Fix the stagelibs command to run on Alpine Linux
RUN sed -i -e 's/run sha1sum --status/run sha1sum -s/g'  ${SDC_DIST}/libexec/_stagelibs

# Install the necessary stagelibraries

RUN if [[ ! -z $ADD_LIBS ]]; then $SDC_DIST/bin/streamsets stagelibs -install=$ADD_LIBS ; fi

But this gives an SSL Certificate problem which I suspect has to do with my corporate network traffic capturing SSL traffic but I'm unsure as to how best to solve this.

(1/3) Installing libcap (2.25-r1)
(2/3) Installing talloc (2.1.10-r0)
(3/3) Installing cifs-utils (6.7-r0)
Executing busybox-1.26.2-r11.trigger
Executing glibc-bin-2.25-r0.trigger
OK: 25 MiB in 39 packages
Removing intermediate container 68f2d8eb4d6a
 ---> a32c86ac20d6
Step 7/23 : RUN sed -i -e 's/run sha1sum --status/run sha1sum -s/g'  ${SDC_DIST}/libexec/_stagelibs
 ---> Running in 40ab98154124
Removing intermediate container 40ab98154124
 ---> 7d9cbe418e7a
Step 8/23 : RUN if [[ ! -z $ADD_LIBS ]]; then $SDC_DIST/bin/streamsets stagelibs -install=$ADD_LIBS ; fi
 ---> Running in f1d2dd0d5896

curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here:

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
Failed! running curl -s -f -SL -o /tmp/sdc-setup-6/ in /opt/streamsets-datacollector-3.5.0

The command '/bin/sh -c if [[ ! -z $ADD_LIBS ]]; then $SDC_DIST/bin/streamsets stagelibs -install=$ADD_LIBS ; fi' returned a non-zero code: 60
edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2019-02-14 10:09:24 -0600

metadaddy gravatar image

The _right_ way to fix this would be to install the correct root CA certificate into curl - see the curl page references in the error:

_Another_ way to do this, mentioned in that page, would be to tell curl to trust _any_ CA cert. You could do this by adding another RUN sed command to add the -k command to curl:

RUN sed -i -e 's/run curl/run curl -k/g'  ${SDC_DIST}/libexec/_stagelibs
edit flag offensive delete link more
Login/Signup to Answer

Question Tools

1 follower


Asked: 2019-02-14 09:57:20 -0600

Seen: 707 times

Last updated: Feb 14 '19