Is there anyway to disable SSL/cert checks for the SDKManager? Even though my system works elsewhere just fine with the proxy and ca-authority updated, SDKManager fails to download due to “self-signed certificate” errors. Can I just override this check? I’m aware of the risks and willing to take them at this point.
If not, can I get some additional hints as to what SDKManager is using underneath to execute to downloads? Maybe something to help me track down why the application isn’t using the OS’s certs? The proxy location settings do work within the SDKManager’s settings but there is nothing regarding certs. I’ve looked through all the logs and am simply having no luck.
I don’t know enough to be particularly helpful, but I have not heard of the NVIDIA certs causing download failure. It makes me wonder if part of your proxy is correct, but some other port related to SSL is not forwarding. If you get a log of the failure, then in general it will list some URLs and the error. If you post some of the exact URLs and errors, then it is possible to manually go through the steps and see what happens.
@linuxdev I appreciate the response. To be clear, I’m not blaming it on Nvidia, I’m certain it’s an issue on my side with my proxy settings or cert trust chain installation. But at this point everything else on the system works with what I configured except for the SDKManager and I’m just running out of time and looking for a shortcut.
I was hoping I could just disable the checks like you can with most other applications and move on with my life. I’ve tried grabbing the packages listed at the URL in the error logs and can download them via the browser just fine, it just refuses to work through the application and I’m at a loss. I’d honestly just download them all that way but after looking at the json configuration file at ~/.nvsdkm/dist/ there’s over 50+ URLs…and it just would be a royal pain to go that route.
So, I managed to speak to a few people and followed a corporate procedure for setting up Ubuntu correctly to use our company’s proxy and cert chain and everything else on the system works. apt-get works, curl of https://google.com works, Firefox works to https://google.com, Anaconda works, the only one not working is the SDKManager.
It still gives me “self signed certificate in the certificate chain” errors. Does anyone know what the SDKManager uses under the hood to download these files? It doesn’t appear to respect the system settings that’s for sure. It does use the $HTTPS_PROXY environment variable for the proxy location, but nothing about disabling SSL or pointing it to the cert chain located at /usr/local/share/ca-certificates appears to be used.
I see there is a ~/.nvsdkm/.sdkm.bashrc file. Can something be set in there to resolve this?
Otherwise, does Nvidia offer any other options to get a list of these files to batch download via a browser or something? I saw this post Sdkmanager download error but man, there’s a lot of URLs to pull from that json then to individually download…
If you know of a command or environment setting which fixes this, then in theory you could use that, but it is also a temp file and would likely get overwritten at some point.
I think you should try to manually download at least one or two of those packages…not as a workaround, but instead as debug information. FYI, a self-signed cert would probably be something at your end which SSL does not like. SSL documentation, and how to work around self-signed cert issues, would be the likely method of finding an answer. I just don’t know enough about SSL and self-signed certs (workarounds) to answer.
@linuxdev Thanks for the info, I’ll give it a try and report back if it fixes my issues. As for the debugging part, yes I was able to download a few files individually no problem. I agree it must be an issue on my side but as with you I’m just not an expert when it comes to SSL and the likes, hence why at this point I was just hoping to disable the checks and get on with my life.
Incidentally, if you can find any file which won’t download from a browser, then you can use that to debug the “why” side of it. For example, the browser would tell you about certificates. As a contrived example, if there is more than one certificate involved, then it would point out which cert is the problem. Not necessarily something which would solve this for you, but it might lead to a way to figure it out.
@wlevans Unfortunately I do not, and to be honest considering this is, as I see it, a product line mostly intended for industry work, the fact they don’t offer more configuration options (i.e. ignore SSL) or offline download options is frustrating to say the least.
I should be able to grab all the dependencies from the web without the tool, then copy them to a folder on the Ubuntu host machine to perform the cross compile and flashing/installing using the tool in a fully offline state.
My setup that I am dealing with is VERY common in the enterprise IT world, and the fact that more people have not had this issue really surprises me.
Ultimately after tons of forms and red tape on my side I was able to get a host machine to connect to the internet via someone’s cellular Wi-FI access point…which is just insane that I had to go that route…but its the only thing that worked.
Hopefully this can get some more attention and maybe some future features can be taken into consideration by the development team. What I was able to do is not a long term solution so I’m still very interested in remedying this issue.
Good luck and if you find a solution please share it, I would very much appreciate it.
Any resolutions to this SSL error? I am also seeing an issue. I know that it’s corporate certs that are causing the problem. For most tools, there is a configuration option to either use the systemwide certs or manually specify the path.
In my case, I’m running with the docker image, sdkmanager:1.7.2.9007. I’ve grabbed these logs from /home/nvidia/.nvsdkm/sdkm_download.log when trying to download the SDK.