在公司网络上安装 vagrant 插件

Question

我正在尝试使用自己的根证书在公司网络上安装 Vagrant 插件，但它失败了：

$ vagrant plugin install vagrant-timezone --plugin-source http://rubygems.org
Installing the 'vagrant-timezone' plugin. This can take a few minutes...
...
Could not verify the SSL certificate for https://gems.hashicorp.com/.
There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA certificates needed for verification. For information about OpenSSL certificates, see http://bit.ly/ruby-ssl. To connect without using SSL, edit your Gemfile sources and change 'https' to 'http'.
...
Warning: this Gemfile contains multiple primary sources. Using `source` more than once without a block is a security risk, and may result in installing unexpected gems. To resolve this warning, use a block to indicate which gems should come from the secondary source. To upgrade this warning to an error, run `bundle config disable_multisource true`.Warning: this Gemfile contains multiple primary sources. Using `source` more than once without a block is a security risk, and may result in installing unexpected gems. To resolve this warning, use a block to indicate which gems should come from the secondary source. To upgrade this warning to an error, run `bundle config disable_multisource true`.Retrying fetcher due to error (2/4): Bundler::Fetcher::CertificateFailureError Could not verify the SSL certificate for https://gems.hashicorp.com/.

该证书在 Web 浏览器下运行良好，但不知何故 Vagrant 不理解这些系统证书。我确实使用http而不是https如上所述，但这没有帮助。

此类问题的任何其他解决方法？

Answer 1

绝对不推荐评论/答案中的 Ruby 文件黑客，因为它否定了使用 SSL 保护您的连接的好处。

“正确”的方法（也就是 IT 不会以某种方式追捕您）是将您的代理/防火墙的证书添加到 Vagrant 使用的嵌入式 Ruby 的可信证书列表中。

导航到安装 Vagrant 的目录，然后打开embedded\cacert.pem文件并将公司证书的内容附加到文件中，然后保存并退出。

在 Windows 上，这是C:\Hashicorp\Vagrant\embedded\cacert.pem. 遗憾的是，如果您从 Internet Explorer 导出证书，则不能总是直接使用该证书。在这些情况下，您可以使用 openSSL 将其转换为正确的格式。

我有一个脚本可以为您完成大部分工作，但我需要再次追踪它。一旦我这样做了，我会用更简单的方法来更新这个答案，因为每次更新 Vagrant 时，它都可能会破坏cacert.pem文件。