Using a self-signed SSL cert for an HTTPS-based internal APT repository

I don't use client authentication, only HTTPS, but I only got it to work using this:

Acquire::https {
        Verify-Peer "false";
        Verify-Host "false";
}

I put this on a file under /etc/apt/apt.conf.d.


Recently, I have encountered a similar problem. I solved it by adding SslForceVersion option.

My config is like:

Acquire::https::test.com {
    Verify-Peer "true";
    Verify-Host "true";

    CaInfo "/tmp/ca.crt";

    SslCert "/tmp/client.crt";
    SslKey  "/tmp/client.key";
    SslForceVersion "SSLv3";
};

I solved it in another way, by installing the ca-certificate.

  1. Copy your *.crt file to `/usr/local/share/ca-certificates/
  2. run sudo update-ca-certificates

This solution works with Ubuntu 14.04 at least.