25.03.2019 18:04, Hermann-Josef Beckers пишет:
-----Original Message----- From: Andrei Borzenkov <arvidjaar@gmail.com> Sent: Monday, March 25, 2019 3:45 PM To: Hermann-Josef Beckers <Hermann-Josef.Beckers@kreis-steinfurt.de> Cc: oS-en <opensuse@opensuse.org> Subject: Re: [opensuse] Self signed certificate
...
You apparently have intercepting proxy that terminates SSL stream so it has access to unencrypted data. Such gateways then establish new SSL connection to final destination. Is it proxy under your control?
...
Not me personally, but by our network admins.
Well, you need to contact your admins then and ask them. If it is intentional and required by your site policy, there is not much you can do except ignoring certificate validation errors.
I did that and they advise me to use the already mentioned *.cer file. "The server must trust this certificate". I'm back to the question: how do i do that? Which tool must I use?
I do not see any point in trusting your proxy certificate (it does not verify that you actually fetch packages from the correct server anyway) so the simple solution is to disable SSL certificate verification for this repo. See man zypper, it would be something like https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-opensuse/?ssl_ver... Or just do not use HTTPS in the first place. If you insist on trusting this certificate globally, copy it into /etc/pki/trust/anchors and run update-ca-certificates. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org