WinRb / WinRM

Ruby library for Windows Remote Management
Apache License 2.0

By default use default system paths for SSL CA #320

Open nmaludy opened 3 years ago

nmaludy commented 3 years ago

Currently SSL verification only works if you explicitly set the ca_trust_path on a connection. If I try to connect without setting it, I get an error that it can't establish SSH trust (with verification) even though the CA certificate is in my system's CA store (/etc/pki/tls/cert.pem).

If I explicitly set ca_trust_path: '/etc/pki/tls/cert.pem', then the connection works just fine with SSL verification enabled.

It looks like in order to support looking for CA certs in the default system paths, we would need to call

@httpcli.ssl_config.set_default_paths

Here, I think? https://github.com/WinRb/WinRM/blob/master/lib/winrm/http/transport.rb#L26

Reference: https://makandracards.com/makandra/50532-making-httpclient-use-the-operating-system-s-ssl-cert-store

If this sounds reasonable, I'll happily make a PR!

mwrock commented 3 years ago

Yes that sounds good @nmaludy
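
Added example, not part of the thread or of the WinRM code base: the behaviour discussed above, reproduced with Ruby's OpenSSL::X509::Store directly rather than through WinRM or httpclient. A store with no trust anchors rejects a valid certificate, while a store given an explicit CA file (as with ca_trust_path) or the default paths accepts it. The CA, the host name winrm.example.test and the use of SSL_CERT_FILE to stand in for the system bundle are constructed assumptions so the example runs offline.

```ruby
require 'openssl'
require 'tempfile'

# Build a certificate (constructed sample data); without an issuer it is self-signed.
def make_cert(cn, key, issuer: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer || cert, cert)
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
end

# Verify one server certificate against three differently configured trust stores.
def trust_results
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca = make_cert('Constructed Test CA', ca_key, ca: true)
  leaf = make_cert('winrm.example.test', OpenSSL::PKey::RSA.new(2048),
                   issuer: ca, issuer_key: ca_key)
  Tempfile.create(['constructed-ca', '.pem']) do |f|
    f.write(ca.to_pem)
    f.flush
    empty = OpenSSL::X509::Store.new        # no anchors loaded: nothing is trusted
    explicit = OpenSSL::X509::Store.new     # analogous to setting ca_trust_path
    explicit.add_file(f.path)
    saved = ENV['SSL_CERT_FILE']
    begin
      # Assumption: SSL_CERT_FILE stands in for the system bundle so the run is offline.
      ENV['SSL_CERT_FILE'] = f.path
      defaults = OpenSSL::X509::Store.new
      defaults.set_default_paths            # what the issue proposes enabling
      from_defaults = defaults.verify(leaf)
    ensure
      ENV['SSL_CERT_FILE'] = saved
    end
    { empty: empty.verify(leaf), explicit: explicit.verify(leaf), defaults: from_defaults }
  end
end

puts trust_results if $PROGRAM_NAME == __FILE__
```

The failing case is the empty store: verification stays enabled, but with no anchors loaded every certificate chain is rejected until a CA file or the default paths are added.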