Docker Windows Composer ZScaler SSL证书验证失败_Docker_Openssl_Composer Php_Debian_Zscaler

Docker Windows Composer ZScaler SSL证书验证失败

docker openssl composer-php debian

Docker Windows Composer ZScaler SSL证书验证失败,docker,openssl,composer-php,debian,zscaler,Docker,Openssl,Composer Php,Debian,Zscaler,我正在Windows10企业版上运行DockerWindows（linux容器）。我正在使用基于Debian的Docker映像，我的windows桌面正在运行ZScaler 我收到了两个证书文件（一个根证书和一个中间证书），我通过将它们放入/usr/local/share/ca certificates目录并运行“update ca certificates”来安装这些证书当我尝试运行composer diag时，会得到以下输出： composer diag Checking platform

我正在Windows10企业版上运行DockerWindows（linux容器）。我正在使用基于Debian的Docker映像，我的windows桌面正在运行ZScaler

我收到了两个证书文件（一个根证书和一个中间证书），我通过将它们放入/usr/local/share/ca certificates目录并运行“update ca certificates”来安装这些证书

当我尝试运行composer diag时，会得到以下输出：

composer diag
Checking platform settings: OK
Checking git settings: OK
Checking http connectivity to packagist: OK
Checking https connectivity to packagist: [Composer\Downloader\TransportException] The "https://repo.packagist.org/packages.json" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Failed to enable crypto
failed to open stream: operation failed
Checking github.com rate limit: FAIL
[Composer\Downloader\TransportException] The "https://api.github.com/rate_limit" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Failed to enable crypto
failed to open stream: operation failed
Checking disk free space: OK
Checking pubkeys:
Tags Public Key Fingerprint: <Omitted
Dev Public Key Fingerprint: <Omitted
OK
Checking composer version:

  [Composer\Downloader\TransportException]
  The "https://getcomposer.org/versions" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
  error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
  Failed to enable crypto
  failed to open stream: operation failed


diagnose

composer-diag
检查平台设置：确定
检查git设置：确定
正在检查到PackageGist的http连接：确定
正在检查到PackageGist的https连接：[Composer\Downloader\TransportException]该“https://repo.packagist.org/packages.json“无法下载文件：SSL操作失败，代码为1。OpenSSL错误消息：
错误：1416F086:SSL例程：tls\u进程\u服务器\u证书：证书验证失败
无法启用加密
无法打开流：操作失败
正在检查github.com速率限制：失败
[Composer\Downloader\TransportException]https://api.github.com/rate_limit“无法下载文件：SSL操作失败，代码为1。OpenSSL错误消息：
错误：1416F086:SSL例程：tls\u进程\u服务器\u证书：证书验证失败
无法启用加密
无法打开流：操作失败
检查磁盘可用空间：确定
检查公用密钥：
标记公钥指纹：在我的情况下，根证书未正确安装。。。企业提供的证书的中间证书名为.crt，根证书名为.cer。更新ca证书未获取名为.cer的证书。重命名根证书并重新运行更新ca证书安装了根证书并修复了问题
运行以下命令有助于解决问题：
CONNECTED(00000003)
depth=2 DC = com, DC = my-enterprise, DC = ent, CN = ca-intermediate
verify error:num=2:unable to get issuer certificate
issuer= DC = pvt, DC = my-enterprise, CN = ca-rootauth
verify return:1
depth=1 C = US, ST = US, L = US, O = "my-enterprise ", OU = CTE, CN = my-enterprise.com
issuer= DC = com, DC = my-enterprise, DC = ent, CN = ca-intermediate
verify return:1
depth=0 C = US, ST = California, L = San Francisco, O = "GitHub, Inc.", CN = *.github.com
issuer= C = US, ST = US, L = US, O = "my-enterprise ", OU = CTE, CN = my-enterprise.com
verify return:1
---
Certificate chain
0 s:C = US, ST = California, L = San Francisco, O = "GitHub, Inc.", CN = *.github.com
   i:C = US, ST = US, L = US, O = "my-enterprise ", OU = CTE, CN = my-enterprise.com

这表明根证书未被识别为有效CA，并导致我列出openssl识别的证书。。我在这里找到了答案：

一旦我列出并验证ca rootauth不存在于ca受信任列表中，那么问题就在于找出这两个（根和中间）工作方式不同的原因
 你为什么使用自己的证书getcomposer.org
永远不会使用您的任何个人证书zScaler充当SSL代理，企业要求。。。它将自己置于您和外部世界之间——解密任何出站SSL通信，并使用自签名证书或至少一个由不受信任的CA签名的证书对其进行重新加密。因此，入站返回SSL连接似乎使用了来自无效CA的证书，因此出现了错误（这是我的理解）。。。getcomposer文档说它使用PHP设置。。。PHP说它使用操作系统设置，还说你不应该设置这个。。。请参阅此处的相关链接：