I've set up a Debian repository (Ubuntu actually) for internal use with some private packages, and now want to make it available over the web to some specific servers. I would like apt-get / aptitude to connect to it using HTTPS, and because I don't want to spend any money, I am using a self-signed certificate.
I've tried following the apt.conf man page on pointing apt-get to use my own root CA certificate to validate the host, but it does not seem to work.
My apt.conf file looks like this:
#Acquire::https::repo.mydomain.com::Verify-Peer "false";
Acquire::https::repo.mydomain.com::CaInfo "/etc/apt/certs/my-cacert.pem";
Acquire::https::repo.mydomain.com::SslCert "/etc/apt/certs/my-cert.pem";
Acquire::https::repo.mydomain.com::SslKey "/etc/apt/certs/my-key.pem";
I also use a client certificate, but it does not seem to be a problem because when I set Verify-Peer to "false" (commented above) everything works.
Using the same CA certificate, client cert and key works well with curl.
I enabled apt debugging (Debug::Acquire::https "true") but it offers very little information.
Any suggestions on how to proceed?
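An added example, not part of the original question or of apt itself: a small audit that reads the one-line `Acquire::https` options in the form shown above and reports any host where certificate verification has been switched off, which is the workaround the question mentions. The sample text is constructed from the question's config, and the function names and the list of false spellings are assumptions.

```python
import re

# Constructed sample mirroring the apt.conf from the question; the second
# variant uncomments the Verify-Peer line to show what gets reported.
SAMPLE_OK = '''\
#Acquire::https::repo.mydomain.com::Verify-Peer "false";
Acquire::https::repo.mydomain.com::CaInfo "/etc/apt/certs/my-cacert.pem";
Acquire::https::repo.mydomain.com::SslCert "/etc/apt/certs/my-cert.pem";
Acquire::https::repo.mydomain.com::SslKey "/etc/apt/certs/my-key.pem";
'''
SAMPLE_WEAK = SAMPLE_OK.replace("#Acquire", "Acquire", 1)

# One-line form only: Acquire::https[::<host>]::<Option> "<value>";
# The nested brace form of apt.conf is not handled by this sketch.
OPTION_RE = re.compile(
    r'^Acquire::https::(?:(?P<host>[^\s"]+)::)?(?P<opt>[A-Za-z-]+)\s+"(?P<val>[^"]*)"\s*;')
# Assumption: spellings treated as boolean false for this audit.
FALSE_VALUES = {"false", "no", "off", "0", "disable", "without"}


def parse_https_options(text):
    """Return {host or '*': {option: value}} for active (uncommented) lines."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        # The question comments a line out with '#'; '//' is apt's C++-style comment.
        if not line or line.startswith(("#", "//")):
            continue
        m = OPTION_RE.match(line)
        if m:
            options.setdefault(m["host"] or "*", {})[m["opt"]] = m["val"]
    return options


def audit(text):
    """Return findings for hosts whose TLS verification is switched off."""
    findings = []
    for host, opts in sorted(parse_https_options(text).items()):
        disabled = [o for o in ("Verify-Peer", "Verify-Host")
                    if opts.get(o, "true").lower() in FALSE_VALUES]
        for o in disabled:
            findings.append(f"{host}: {o} is disabled")
        if "Verify-Peer" in disabled and "CaInfo" in opts:
            findings.append(f"{host}: CaInfo is set but unused while Verify-Peer is disabled")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_WEAK):
        print(finding)
```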
Best Answer
Recently, I have encountered a similar problem. I solved it by adding the SslForceVersion option. My config is like: