Comment 9 for bug 1620755

Revision history for this message
David A. Desrosiers (setuid) wrote :

This is an intractable chicken-and-egg problem.

How does one install snap-store-proxy using snap as described here:

   https://docs.ubuntu.com/snap-enterprise-proxy/en/install

...if one can't use snap from behind the proxy, because snapd doesn't have the ability to read the system certificate chain, where the enterprise certificates have been installed and configured for use by all other apps?

$ sudo snap install snap-store-proxy
2019/09/05 15:50:26.123559 error.go:102:
DEBUG: error: cannot install "snap-store-proxy":
Post https://api.snapcraft.io/v2/snaps/refresh: x509: certificate signed by unknown authority
error: cannot install "snap-store-proxy":
Post https://api.snapcraft.io/v2/snaps/refresh: x509:
       certificate signed by unknown authority

snapd is wrong here, and must permit the ability to use an enterprise-signed SSL certificate, as managed in the system certificate chain in /etc/ssl/certs, just as every other app that needs certificate validation does (wget, curl, python, pip, ansible, etc.)

What's the real solution here?