Resolving Certificate Issues for Installing the Composabl SDK on WSL

If you use Windows Subsystem for Linux (WSL) on a corporate machine with internal security tools, such as Zscaler, you may encounter issues installing the SDK due to certificate replacement during HTTPS traffic inspection. Below is a method to resolve this issue by importing the appropriate certificates into WSL.

Step-by-Step Guide to Import Certificates into WSL

  1. Identify the Certificates

    • Open https://app.composabl.com in your browser.

    • Click on the padlock symbol next to the URL to view the site certificates. This method may vary slightly depending on your browser.

    • Export the certificates in the chain needed to trust the "app.composabl.com" certificate, which may be replaced by Zscaler or similar security tools. The intermediate and root certificates are often issued by your organization's IT department.

  2. Export the Certificates

    • Export the certificates in Base 64 encoded X.509 (PEM) format.

    • Make sure the exported certificate files have a .crt extension.

  3. Copy Certificates to WSL

    • Copy the exported certificates to /usr/local/share/ca-certificates in WSL. You can use any file transfer method between Windows and WSL.

  4. Update the Certificate Store

    • Run the following command to update the certificate store in WSL: sudo update-ca-certificates\

  5. Verify the Certificate

    • You can verify if the certificates are correctly recognized by running: openssl s_client -connect api.composabl.com:443 -prexit

This command should connect and print the certificate chain and other relevant information.

  1. Removing Certificates

    • If you need to remove the certificates, delete them from /usr/local/share/ca-certificates and then run: `sudo update-ca-certificates --fresh`

This command will rebuild the certificate bundle from the remaining individual certificates.

  1. Alternative Method: Export from Windows Certificate Store

    The intermediate/root certificates may already be available in the Windows certificate store. You can identify and export the required certificates from there if needed.

By following these steps, you should be able to configure your WSL environment to trust certificates replaced by corporate security tools, enabling the installation of the SDK without issues.

Last updated