Virtual-environments: Missing root certificates on windows-2019: X509: CERTIFICATE SIGNED BY UNKNOWN AUTHORITY
Describe the bug
On the windows-2019, not all root CA certificates are installed. Some are missing (for example Quo Vadis). This leads for some tools to the following error: X509: CERTIFICATE SIGNED BY UNKNOWN AUTHORITY when calling a API vis SSL.
Area for Triage:
Servers
Question, Bug, or Feature?:
Bug
Virtual environments affected
- [ ] macOS 10.15
- [ ] Ubuntu 16.04 LTS
- [ ] Ubuntu 18.04 LTS
- [ ] Windows Server 2016 R2
- [X] Windows Server 2019
Expected behavior
I expect the same default root CAs on windows-2019 then on Windows 10 or Linux. If I run gci Cert:\CurrentUser\AuthRoot on my Windows 10, I get a list of 30 entries (including QuoVadis).
Actual behavior
If I run gci Cert:\CurrentUser\AuthRoot on windows-2019 I only get a list of 19 entries.
Workaraound
As a workaround you can install the certificates in the pipeline using certutil:
certutil -f -addstore root <FILEPATH>.cer
I posted the workaround here.
wulfland
All 4 comments
Hello, @wulfland
Could you please check the list of certificates after import? If this list is good for you we can import it on image.
- name: Import Root CA
run: |
$null = certutil.exe -generateSSTFromWU roots.sst
Import-Certificate -FilePath roots.sst -CertStoreLocation Cert:\LocalMachine\Root
shell: powershell
al-cheb
on 26 Mar 2020
Hello @al-cheb ,
I tested it and it works 馃憤 . Now that's a big list your are going to import :-D
wulfland
on 26 Mar 2020
Hello, @wulfland
We have installed missing certificates on Windows Server 2019 image. Could you please validate your workflow?
al-cheb
on 27 Apr 2020
Hi @al-cheb
Works perfectly! Thanks for the help!
wulfland
on 27 Apr 2020
Related issues
ydnar
路
3Comments
shivammathur
路
3Comments
ethomson
路
4Comments
Tnze
路
4Comments
trajano
路
3Comments
Most helpful comment
Hi @al-cheb
Works perfectly! Thanks for the help!