I am trying to run the following docker command:
docker run -i -t ubuntu /bin/bash
But I get the error:
Unable to find image 'ubuntu' (tag: latest) locally
Pulling repository ubuntu
2013/11/28 14:00:24 Get https://index.docker.io/v1/images/ubuntu/ancestry: x509: certificate signed by unknown authority
I know that our company replaces the SSL Certificate on the fly for https requests.
I tried to trust our company's CA certificate by putting it in:
/etc/pki/tls/certs/ca-bundle.crt
and
/etc/pki/tls/cert.pem
But it is still not working.
Any ideas?
In Docker 17.07 and higher, you can configure the Docker client to pass proxy information to containers automatically. In Docker 17.06 and earlier versions, you must set the appropriate environment variables within the container.
The docker-proxy operates in userland, and simply receives any packets arriving at the host's specified port, that the kernel hasn't 'dropped' or forwarded, and redirects them to the container's port.
@jpetazzo's answer is overall correct, however there is a nicer way to do the same thing (without manually editing a ca-bundle file):
on CentOS:
sudo cp yourcert.crt /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust extract
sudo service docker restart
on Debian:
sudo cp yourcert.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
sudo service docker restart
Note that restarting docker daemon is necessary!
According to http://golang.org/src/pkg/crypto/x509/root_unix.go, you should append your certificate to one of the following:
Find the one that exists on your system, and append your certificate to it.
(And be ready to do it again when you upgrade the package containing that file...)
I hope there is a better method, but this is the only one I found so far :-)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With