I ran into issues updating Expedition through my PAN Firewall running SSL decryption.
After a bit of troubleshooting there are two changes I needed to make on the expedition VM.
- Update cert file with your SSL Decrypt cert - This allows apt to trust your SSL decryption certificate
- Export the Root CA that signed your SSL cert in base64/PEM format
- Append the raw text of that SSL Cert to /etc/ssl/certs/ca-certificates.crt
- Configure PIP to use that certificate Store - This tells pip to read your SSL certificate store
- create /etc/pip.conf and add the following configuration
[global]
cert = /etc/ssl/certs/ca-certificates.crt
I also needed to allow this system to download EXE's from the Internet, once PIP started trusting my decryption certificate, I discovered that PIP is downloading EXE's(normally for windows) as part of its script for some reason and this was causing it to throw errors.
