SSL certificate error when installing Cirrus Migrate Cloud
Your system's trusted CA certificates may have to be updated if you encounter SSL certificate verification errors
Such as:
curl: (60) Peer certificate cannot be authenticated with known CA certificates
or
irm : The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Chain of Trust
Cirrus Migrate Cloud web services use certificates issued by Let's Encrypt Authority. You can review the chain of trust here.
Resolution
We recommend updating your system's trusted CA certificates bundle.
Linux
Use your system package manager (yum, apt, etc.) to update the ca-certificates package.
Windows
Generally, Windows Update will keep the system root certificates up-to-date.
However, some Windows security policies disable automatic root certificate updates, especially on Windows Server 2012 or older.
To confirm that automatic root certificate updates are not disabled:
Click Start, and then click Run.
Type gpedit.msc, and then click OK.
If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
Double-click Administrative Templates, double-click System, double-click Internet Communication Management, and then click Internet Communication settings.
Confirm that Turn off Automatic Root Certificates Update is NOT Enabled.
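The same check can be scripted for hosts without the Group Policy editor. This is an added example, not part of the Cirrus Data documentation; it reads the registry value behind the policy above and assumes the Let's Encrypt chain ends at the ISRG Root X1 root. The function names are hypothetical.

```powershell
# Added example: scripted version of the Group Policy check above.
# Registry value that backs "Turn off Automatic Root Certificates Update".
$policyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot'
$policyName = 'DisableRootAutoUpdate'

function Get-RootAutoUpdateState {
    # A missing key or value means the policy is Not Configured.
    $item = Get-ItemProperty -Path $policyPath -Name $policyName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }
    if ($item.$policyName -eq 1) { return 'TurnedOff' }
    return 'Allowed'
}

function Get-TrustedRoot {
    param([string]$CommonName)
    # Search the machine-wide Trusted Root store and skip expired entries.
    Get-ChildItem -Path Cert:\LocalMachine\Root |
        Where-Object { $_.Subject -like "*CN=$CommonName*" -and $_.NotAfter -gt (Get-Date) }
}

$state = Get-RootAutoUpdateState
# Assumption: the Let's Encrypt chain ends at the "ISRG Root X1" root.
$roots = @(Get-TrustedRoot -CommonName 'ISRG Root X1')

[pscustomobject]@{
    AutoRootUpdate   = $state
    IsrgRootX1Found  = ($roots.Count -gt 0)
    IsrgRootX1Expiry = ($roots | Select-Object -First 1).NotAfter
}

if ($state -eq 'TurnedOff') {
    Write-Warning 'Automatic Root Certificates Update is turned off by policy.'
}
if ($roots.Count -eq 0) {
    # With automatic updates allowed, Windows can fetch a missing root on demand.
    Write-Warning 'ISRG Root X1 is not in the LocalMachine Root store.'
}
```

A host that reports TurnedOff together with a missing root matches the situation described above and will keep failing verification until the policy is changed or the root is installed.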
Workaround
Although it is not recommended, you can skip certificate verification by adding the parameter -no-check-certificate during installation (and -k to the curl command if needed), for example:
curl -k get.cirrusdata.cloud/install-gm | bash -s -- -rgc XXXXXJSNLILXXXQS7SHI -no-check-certificate
Updated on: 11/07/2022