[WSL] Corprate Certificate Chain Installation

[WesselBBD]

There are probably other ways of doing this by using podman's built in certificate configs but the way I've found that fixes certificate related pains in 99% of cases is installing the ca/intermediary chain into the os (be that a container or otherwise)

I am running WSL with Podman Desktop, if you are running in Linux I assume you'll have to find the instructions for your distro.

• Start the machine (if it isn't running already)
• ssh into the machine: podman machine ssh
• Now locate your .pem CAs and Intermediary certificates on your Windows machine. (/mnt should have your Windows filesystem mounted)
• Copy (with sudo) the certs to the /etc/pki/ca-trust/source/anchors/ directory: sudo cp /mnt/path/to/corpo/cert-folder/* /etc/pki/ca-trust/source/anchors/
• Run sudo update-ca-trust
• Exit out of the machine: exit
• Stop the machine: podman machine stop
• For good measure do wsl --shutdown
• Start the machine again: podman machine start

The CAs and Intermediaries should be avaible in the root trust and podman should work transparently with your corprate environment now.

For more info you can check out update-ca-trust(8), or the README's in the /etc/pki/ca-trust folder

[jfmatth]

I'm so glad you documented this here, hopefully it will be added to the Windows section at some point, or a better (--add-certificate in machine init section)?