I have a (private) apt repository setup on a server. I'm only allowing access to this repository over SSL, and only with a client certificate. I have tested the connection using curl:
$ curl --cacert /opt/CA.crt --cert /opt/user.crt --key /opt/user.key --pass 1234 https://example.com/dists/lucid/main/binary-amd64/Packages.gz
The content is downloaded as expected.
I've created a file in /etc/apt/apt.conf.d/45example-com with
Debug::Acquire::https "true";
Acquire::https::example.com {
Verify-Peer "true";
Verify-Host "true";
CaInfo "/opt/CA.crt";
SslCert "/opt/user.crt";
SslKey "/opt/user.key";
};
I've added a file at /etc/apt/sources.list.d/example.com.list with:
deb https://example.com/ lucid main
There seems to be a problem with the CA cert, when I try an update I get the following:
# apt-get update
* Connected to example.com (8.0.0.8) port 443 (#0)
* found 1 certificates in /opt/CA.crt
* error reading X.509 key or certificate file
* Closing connection #0
The server logs on example.com show that no request got there, so I guess that apt-get is failing before trying to send the request (which matches what the log says).
I've had a hard time finding any documentation on apt-get with ssl on the interwebs, and haven't even been able to find the source code.
Does anyone have any ideas?