LXD remote images.linuxcontainers.org MITM Trust Internal Cert Authority


(Kat Morgan) #1

Question: LXD installed via ppa does not use system pki trust, how do I tell LXD to trust the new CA or cert issued by the mitm proxy?

I have an internal CA which is trusted by my server. This CA is used to back an MITM ssl bump proxy.

With said proxy between host & images.linuxcontainers.org lxd fails with the following:
Error: Failed container creation: Get https://cloud-images.ubuntu.com/releases/streams/v1/index.json: x509: certificate signed by unknown authority

So far, my CA has been imported into the system ca-certificates. I tried lxc trust add * and lxc remote remove + lxc remote add to pull in the new server certificate from the proxy and I am coming up dry on those attempts.


(Kat Morgan) #2

For the record I solved this with a host reboot face palm