SSL Errors on Corporate Network (Proposed Solution)

My employer terminates SSL traffic on a security appliance to inspect it, then re-signs the traffic using an internal PKI certificate that all domain-joined PCs have in their Root CA cert store. However, the VM spun up by Packer throws SSL errors while trying to install Chef (or anything else that uses https:) since it doesn't trust our internal PKI:

virtualbox-iso: Installing Chef...
virtualbox-iso: iwr : The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
virtualbox-iso: At line:1 char:5
virtualbox-iso: + . { iwr -useb https://omnitruck.chef.io/install.ps1 } | iex; Install- ...

To work around this issue on the Windows 2016 virtual box template, I made the following changes:

(You can view the file here, here's a summary)

Create a new project-root level directory, ca-certs
Add the following to the end of the builder's object:

"floppy_dirs": [
    "ca-certs"
]

Add this provisioner before all of the others:

{
"type": "powershell",
"inline": [
"Get-ChildItem A:\\ca-certs | Import-Certificate -CertStoreLocation Cert:\\LocalMachine\\Root\\"
],
"elevated_user": "vagrant",
"elevated_password": "vagrant"
},

This installs any certificate dropped into the ca-certs folder into the VM's "Trusted Root Certification Authorities" store. For me, dropping our root PKI cert into the folder lets the VM trust the intercepted/resigned SSL connections our network generates, and allowed the build to complete.

I was wondering if this is something worth adding to the repo? I wanted to get a :thumbsup: before taking the time to copy/pasta the workaround to each template and open a PR.

mwrock / packer-templates

SSL Errors on Corporate Network (Proposed Solution) #104