How can I add a custom SSL certificate so that HTTP.jl recognizes it by default?

Hi there, I spent a couple of hours on this without success.

Let’s assume we have the julia docker running - how can I add a custom certificate (self-signed) which my website uses so that everything is trusted correctly?

I tried to add the my.crt file to /usr/share/ca-authorities/ and ran update-ca-certificates.
Unfortunately, although the documentation says that such files would be implicitly included, they aren’t; you need to add a line my.crt to /etc/ca-certificates.conf. Then update-ca-certificates works and curl works too.

Interestingly, using Downloads.download(...) works now too, but HTTP.get(...) still fails with the usual

ERROR: HTTP.Exceptions.ConnectError("https://cloud.jolin.io/jwks", Base.IOError("X509 - Certificate verification failed, e.g. CRL, CA or signature check failed", -9984))

So I guess HTTP does not use NetworkOptions.ca_roots() but somehow hardcodes its CA certificates?
Any help is highly appreciated.

I think the simplest way to do this is by setting the HTTP_CA_BUNDLE file (you can also set CURL_CA_BUNDLE which will be similarly recognized).

2 Likes
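
A check that can be run in the container before starting Julia, as an added example that is not part of the original thread: it confirms the custom certificate really is in the bundle that update-ca-certificates regenerates, and only then exports the HTTP_CA_BUNDLE variable named in the answer above. The function names and the bundle path /etc/ssl/certs/ca-certificates.crt (Debian-based images) are assumptions, and /path/to/my.crt is a placeholder.

```shell
# Added example; function names and paths are assumptions, not from the thread.

# pem_body FILE: print the base64 body of each PEM certificate in FILE,
# one certificate per output line, so line wrapping does not matter.
pem_body() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { inside = 1; body = ""; next }
        /-----END CERTIFICATE-----/   { if (inside) print body; inside = 0; next }
        inside { gsub(/[ \t\r]/, ""); body = body $0 }
    ' "$1"
}

# bundle_has_cert BUNDLE CERT: return 0 only if every certificate in CERT
# also appears in BUNDLE, 1 if one is missing, 2 if a file is unusable.
bundle_has_cert() {
    bundle=$1 cert=$2
    [ -r "$bundle" ] && [ -r "$cert" ] || return 2
    wanted=$(pem_body "$cert")
    [ -n "$wanted" ] || return 2          # CERT holds no PEM certificate
    have=$(pem_body "$bundle")
    for b in $wanted; do
        printf '%s\n' "$have" | grep -Fxq -- "$b" || return 1
    done
}

# use_bundle_for_http_jl BUNDLE CERT: export HTTP_CA_BUNDLE only after the
# check passes, so a silently skipped certificate is caught here rather than
# as a verification failure inside Julia.
use_bundle_for_http_jl() {
    if bundle_has_cert "$1" "$2"; then
        export HTTP_CA_BUNDLE="$1"
    else
        echo "refusing: $2 not found in $1" >&2
        return 1
    fi
}

# Typical call on a Debian-based image, before launching julia:
#   use_bundle_for_http_jl /etc/ssl/certs/ca-certificates.crt /path/to/my.crt
```

Pointing the variable at the full regenerated bundle rather than at my.crt alone keeps the public CAs available alongside the self-signed certificate.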