apt-get certificate verification failed 해결 방법

서론

docker 설치를 위해 온갖 이상한 짓을 다 해봤는데 실패했다.

인터넷에 떠돌아다니는 많은 글들이 뻘글들도 많아서 근본적인 문제를 해결해주지 못했는데,

이제서야 결국 알아냈다.

 

본론

결론만 말하자면 certification을 추가해주면 된다.

그걸 몰라서 지금까지 못했겠냐고...

 

아래 명령어를 통해 해당 사이트의 정보를 긁어온다.

echo | openssl s_client -servername download.docker.com -connect download.docker.com:443

대략 아래와 같이 출력됨.

CONNECTED(00000003)
depth=1 C = KR, ST = Seoul, L = Guro, O = MonitorApp Corporation, OU = MonitorApp AISWG, CN = MonitorApp Root Certificate Authority (AISWG)
verify error:num=19:self-signed certificate in certificate chain
verify return:1
depth=1 C = KR, ST = Seoul, L = Guro, O = MonitorApp Corporation, OU = MonitorApp AISWG, CN = MonitorApp Root Certificate Authority (AISWG)
verify return:1
depth=0 C = KR, O = Monitorapp, CN = download.docker.com
verify return:1
---
Certificate chain
 0 s:C = KR, O = Monitorapp, CN = download.docker.com
   i:C = KR, ST = Seoul, L = Guro, O = MonitorApp Corporation, OU = MonitorApp AISWG, CN = MonitorApp Root Certificate Authority (AISWG)
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Aug 19 05:13:42 2023 GMT; NotAfter: Sep 17 05:13:42 2024 GMT
 1 s:C = KR, ST = Seoul, L = Guro, O = MonitorApp Corporation, OU = MonitorApp AISWG, CN = MonitorApp Root Certificate Authority (AISWG)
   i:C = KR, ST = Seoul, L = Guro, O = MonitorApp Corporation, OU = MonitorApp AISWG, CN = MonitorApp Root Certificate Authority (AISWG)
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Sep 15 05:37:14 2022 GMT; NotAfter: Sep 12 05:37:14 2032 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDqTCCApGgAwIBAgIUM/R3DrX0BaRddnKF/BMA17oNL3UwDQYJKoZIhvcNAQEL
BQAwgaAxCzAJBgNVBAYTAktSMQ4wDAYDVQQIDAVTZW91bDENMAsGA1UEBwwER3Vy
bzEfMB0GA1UECgwWTW9uaXRvckFwcCBDb3Jwb3JhdGlvbjEZMBcGA1UECwwQTW9u
aXRvckFwcCBBSVNXRzE2MDQGA1UEAwwtTW9uaXRvckFwcCBSb290IENlcnRpZmlj
YXRlIEF1dGhvcml0eSAoQUlTV0cpMB4XDTIzMDgxOTA1MTM0MloXDTI0MDkxNzA1
MTM0MlowQDELMAkGA1UEBhMCS1IxEzARBgNVBAoMCk1vbml0b3JhcHAxHDAaBgNV
BAMME2Rvd25sb2FkLmRvY2tlci5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQDnaKsF1R0V6aalhN1eNmgHe2RRYMm4tHFG1STfq61eZyqh5IQ7WXtb
H1r2RJn5PnVBGHsezKokO2RoznNkhLVNLXCR3/0YSNhdVty1GyesD1H3m3GPK3nC
H9SdPauW7znGV6vw/KIy4MP8H1NGT7TKxSnj/sZ0b988J8cohEr/odGiLjSYvjUz
m13XxlnERT6XXROoiUygU+2bU4fdKDSDf5Ac8OHOBcP5QT87lXttNbsYR7DyAJiI
YFbwQh9/EYVZFbOTDh6+jTqLkI4rUXh6pvlIl9RnqA41doXEoI8e0Ue7bUbWdQ8E
TVoiJZiGtBICaS2UZK/1f+QL2+wVHtGLAgMBAAGjOjA4MAkGA1UdEwQCMAAwCwYD
VR0PBAQDAgXgMB4GA1UdEQQXMBWCE2Rvd25sb2FkLmRvY2tlci5jb20wDQYJKoZI
hvcNAQELBQADggEBADJN44fAAEG0n7VfxxSgV3X8rjXRXiJelamtfrWD5c/cDEPM
ydvADjO+5UVsI3OI2MACt52VLhMMsORwwM1lk2xaCrQ1Od78svN3hdI5Lo9428G1
h4fFycBiv8Zo5Khlw5rgsA6HNPlYX207GIxbd8blKRRMvjJpl9h7HQWtLaf9Uit9
bNDFzS1GTSH4/bQGWNUOCyLMAbiCIF3tF/4h1Y9e3VA/jdUI+2yhxcP1841LIx8Z
QU/ik6K09fcd/tLMrIwlTqJ5ri6GT6TepHve3pMernZDMGdQzaYv3ZIMEHxmpBts
O45mntQz32JNPzhcxpbePN/3pe+TJQlHoXZHLp4=
-----END CERTIFICATE-----
subject=C = KR, O = Monitorapp, CN = download.docker.com
issuer=C = KR, ST = Seoul, L = Guro, O = MonitorApp Corporation, OU = MonitorApp AISWG, CN = MonitorApp Root Certificate Authority (AISWG)
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2565 bytes and written 401 bytes
Verification error: self-signed certificate in certificate chain
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 19 (self-signed certificate in certificate chain)
---
DONE

 

여기서 필요한 부분은 BEGIN CERTIFICATE 부터 END CERTIFICATE 까지이다.

이를 복사하여 아래 파일에 추가해주면 된다. (vi던 nano던)

sudo vi /etc/ssl/certs/ca-certificates.crt