This message was deleted.
# rancher-desktopa
adamant-kite-43734
11/25/2024, 8:45 AMThis message was deleted.
w
wide-mechanic-33041
11/25/2024, 1:18 PMdidn't provide where you are getting self-signed or what platform you are on, but you can poke at https://github.com/rancher-sandbox/rancher-desktop/issues/5165. Should source all the trusted CAs from your keychain/windows cert manager
p
prehistoric-smartphone-44445
11/25/2024, 1:56 PMSorry I'm using Windows and not MacOS. I got this error on the "k8s" log file on AppData.
w
wide-mechanic-33041
11/25/2024, 1:57 PMso RD should do the same thing won windows w CAs from cred manager, but any more specifics in the k8s log?
p
prehistoric-smartphone-44445
11/25/2024, 1:59 PM2024-11-25T135529.073Z: Updating release version cache with 0 items in cache
2024-11-25T135542.963Z: updateCache: error: FetchError: request to https://update.k3s.io/v1-release/channels failed, reason: self signed certificate in certificate chain
prehistoric-smartphone-44445
11/25/2024, 1:59 PMIt can't download k3s versions because Zscaler is rewriting the certificate and Rancher Desktop doesn't trust it
w
wide-mechanic-33041
11/25/2024, 1:59 PMok so thats a fetch call
wide-mechanic-33041
11/25/2024, 2:00 PMdid you try adding your internal CA cert via NODE_EXTRA_CA_CERTS?
p
prehistoric-smartphone-44445
11/25/2024, 2:01 PMBut I don't have any problem with my Browser, that's why I try to add custom CA.
I'll try it, I have to understand how it works on Windows, I just have to setup the environment variable and relaunch RD right?
w
wide-mechanic-33041
11/25/2024, 2:01 PMthe https agent should still have all the CAs from cred manager and if it was missing you would see a ton of errors in browsers etc
wide-mechanic-33041
11/25/2024, 2:02 PMyup just add it to your User Env and quit and relaunch RD and see if things improve. I will see if i can find where the RD team do the cred manager pull in the code
p
prehistoric-smartphone-44445
11/25/2024, 2:04 PMThank you, I'm trying, I'll let you know
w
wide-mechanic-33041
11/25/2024, 2:09 PMhttps://github.com/rancher-sandbox/rancher-desktop/blob/main/src/go/wsl-helper/pkg/certificates/certificates_windows.go is where the magic happens it seems. https://github.com/rancher-sandbox/rancher-desktop/blob/main/src/go/wsl-helper/cmd/certificates_windows.go#L66 has me wondering if your CA store is named something different?
p
prehistoric-smartphone-44445
11/25/2024, 2:17 PMMy OS is in French but all CA are in "Trusted Root Certification Authorities" on Local Computer
👍 1
prehistoric-smartphone-44445
11/25/2024, 2:18 PMNODE_EXTRA_CA_CERTS not seems to work, I tried NODE_TLS_REJECT_UNAUTHORIZED too but no more luck...
w
wide-mechanic-33041
11/25/2024, 2:24 PMmay be best to open an Issue on the repo. feels like the CA store is not being read correctly. i am in the same boat w TLS interception and no issues, but may be more subtle
p
prehistoric-smartphone-44445
11/25/2024, 3:33 PMI made it work. I had to launch Rancher Desktop with command line after setting the env variable :
PS C:\temp> $env:NODE_TLS_REJECT_UNAUTHORIZED=0
PS C:\temp> & 'C:\Program Files\Rancher Desktop\Rancher Desktop.exe'
prehistoric-smartphone-44445
11/25/2024, 3:34 PMI still have problems being behind a proxy but I passed this step
w
wide-mechanic-33041
11/25/2024, 3:34 PMso i would double check you hit OK after adding it to the User env as it seems like it didn't "stick"
p
prehistoric-smartphone-44445
11/25/2024, 3:34 PMIn fact, I think it's useless, I should better dig with the Air Gapped Installation
w
wide-mechanic-33041
11/25/2024, 3:34 PMyou can check $env or hit
setwide-mechanic-33041
11/25/2024, 3:35 PMyeah if your admins are blocking routes than yeah can't really fix that. best to go airgap
108 Views