Your system's trusted CA certificates may have to be updated if you encounter SSL certificate verification errors

Such as:

curl: (60) Peer certificate cannot be authenticated with known CA certificates

or

irm : The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.


Chain of Trust

Cirrus Migrate Cloud web services use certificates issued by Let's Encrypt Authority. You can review the chain of trust here here

Resolution

You are recommended to update your system's trusted CA certificates bundle.

Linux
Use your system package manager (yum, apt, etc.) to update the ca-certificates package.

Windows
Generally, Windows Update will keep the system root certificates up-to-date.

However, some Windows security policies may have auto root certificates update disabled, especially on Windows Server 2012 or older.
To confirm that automatic certificates update is not disabled,
Click Start, and then click Run.
Type gpedit.msc, and then click OK.
If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
Double-click Administrative Templates, double-click System, double-click Internet Communication Management, and then click Internet Communication settings.
Confirm Turn off Automatic Root Certificates Update is NOT Enabled

Workaround

Although not recommended, if you would like to ignore certificate verification, you can add the parameter -no-check-certificate during installation (and -k to the curl command if needed), such as:
curl -k get.cirrusdata.cloud/install-gm | bash -s -- -rgc XXXXXJSNLILXXXQS7SHI -no-check-certificate


#app-hint:deploy-cirrus-migrate
Was this article helpful?
Cancel
Thank you!