FreeBSD and Azure Blob Store (looking at the edge of restic)

I’m irritated!
When I use restic on ubuntu server and initialize a repository on Azure everything works. When I try to do exactly the same on freebsd I get:

Fatal: create repository at azure:bsd:/ failed: container.CreateIfNotExists: Put x509: certificate signed by unknown authority

So: ubuntu has signed certs that freebsd doesn’t have.

Is there anybody out there able to give me a hint how to prepare freebsd for restic?

Thank you in advance

1 Like

This is not related to restic but is rather related to the CA that Azure blob storage uses. Presumably your distribution of FreeBSD is old enough that this CA is missing from the system.

The root CA for this certificate has the fingerprint d4de20d05e66fc53fe1a50882c78db2852cae474 and is available from DigiCert.

You will have to look up how to install this certificate on FreeBSD; I don’t use it.

1 Like

It may also be an intermediate certificate that’s required to verify the server’s certificate which is installed on Ubuntu but not on FreeBSD.

By the way, you can tell restic to use certificates from a file for verification with the --cacert <file> option, so you don’t even have to install the certificate system wide.

Thank you! Your hints and a small amount of RTFM solved my problem:
First of all: A “pure” freebsd server has no root certs installed.
pkg install ca_root_nss does the job.
If there are further error messages: I recommend to take a look on “date”. Wrong day? Bad! :wink: