librenms / docker

LibreNMS Docker image

Container doesn't load CA Certificates when started. #311

Open teixemf opened 2 years ago

teixemf commented 2 years ago

Behaviour

Container doesn't load CA Certificates when started. I tested it while trying to use User Authentication over LDAPS.

Steps to reproduce this issue

  1. Map the directory with your CA Certificates to directory "/usr/local/share/ca-certificates/" inside your container.
  2. Test the usage of some service that needs the CA Certificate. In my particular case, it was user login with LDAPS.

Expected behaviour

LibreNMS should be able to verify the authenticity of the LDAP server certificate.

Actual behaviour

LibreNMS fails to verify the authenticity of the LDAP server certificate.

teixemf commented 2 years ago

To overcome the issue, the LibreNMS container should run the command /usr/sbin/update-ca-certificates during startup. /usr/sbin/update-ca-certificates will update the CA store.

tmoesi commented 1 year ago

I second this and would love to see this implemented officially.

tmoesi commented 1 year ago

In the meantime, I fixed this with an ugly "hack" by mounting a "09-update-ca-certificates.sh" script into /etc/cont-init.d/ which only contains update-ca-certificates. It works, but I would still like to see this supported officially.
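A fuller version of that hook, as an added example that is not part of the thread or the LibreNMS image: it runs update-ca-certificates and then checks that every file mounted into the CA directory actually ended up in the trust bundle, so a silently ignored certificate fails at startup instead of at the first LDAPS login. The bundle path /etc/ssl/certs/ca-certificates.crt and the function names are assumptions of this example; mount it under the hook name from the comment above.

```shell
#!/bin/sh
# Added example, not LibreNMS project code.
# Assumed paths: CA_DIR is the mount point from the issue; BUNDLE is the
# bundle file that update-ca-certificates is expected to regenerate.
CA_DIR=${CA_DIR:-/usr/local/share/ca-certificates}
BUNDLE=${BUNDLE:-/etc/ssl/certs/ca-certificates.crt}

# Print every PEM certificate in file $1 as a single base64 line.
pem_bodies() {
    awk '/-----BEGIN CERTIFICATE-----/ { inside = 1; body = ""; next }
         /-----END CERTIFICATE-----/   { if (inside) print body; inside = 0; next }
         inside { gsub(/[ \t\r]/, ""); body = body $0 }' "$1"
}

# Report files in directory $1 whose certificates are absent from bundle $2.
# Returns 0 if every file is trusted, 1 if not, 2 if the bundle is unreadable.
missing_from_bundle() {
    dir=$1; bundle=$2; rc=0
    [ -r "$bundle" ] || { echo "cannot read bundle: $bundle"; return 2; }
    trusted=$(pem_bodies "$bundle")
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        bodies=$(pem_bodies "$f")
        if [ -z "$bodies" ]; then
            echo "not PEM: $f"; rc=1; continue
        fi
        for b in $bodies; do
            # Exact whole-line match against the flattened bundle entries.
            printf '%s\n' "$trusted" | grep -qxF -- "$b" && continue
            echo "not in bundle: $f"; rc=1; break
        done
    done
    return $rc
}

main() {
    update-ca-certificates || { echo "update-ca-certificates failed" >&2; exit 1; }
    missing_from_bundle "$CA_DIR" "$BUNDLE" >&2 || exit 1
    echo "all CA files in $CA_DIR are present in $BUNDLE"
}

# Run only when invoked under the hook name used in the thread.
case "$0" in *update-ca-certificates*) main ;; esac
```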

jdsatava127 commented 1 year ago

We are running into this issue as well. We are trying to enable the auth_ad_check_certificates option but the certificate validation always fails. We've tried adding LDAPTLS_CACERT, TLS_CACERT, and other PHP environment variables but none resolve the issue. Seems like LibreNMS requires the container to load the certs itself.