Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

x509: certificate signed by unknown authority - both with docker and with github

Tags:

docker build -t oreng/iojs .

INFO[0000] Get https://index.docker.io/v1/repositories/library/iojs/images: x509: certificate signed by unknown authority.

my Dockerfile is

FROM iojs:latest RUN useradd -ms /bin/bash developer WORKDIR /home/developer USER developer

Also hub create (using https://github.com/github/hub)

Post https://api.github.com/user/repos: x509: certificate signed by unknown authority
like image 222
user3538553 Avatar asked Mar 26 '15 18:03

user3538553

People also ask

How do I fix x509 certificate signed by unknown authority Docker?

How to resolve Docker x509: certificate signed by unknown authority error. In order to resolve this error, we have to import the CA certificate in use by the ICP into the system keystore. Then, we have to restart the Docker client for the changes to take effect.

How do I fix x509 certificate signed by unknown authority in Windows?

So the solution to is simple – install the Root CA certificates on the server. That's it – now the error should be gone. If you don't know the root CA, open the URL that gives you the error in a browser (i.e. Chrome). Click the lock next to the URL and select Certificate (Valid).

What does x509 certificate signed by unknown authority mean?

509 Certificate Signed by Unknown Authority” error is that you've attempted to use a self-signed certificate in a scenario that requires a trusted CA-signed certificate. Most of the examples we see in the field are self-signed SSL certs being installed to enable HTTPS on a website.

1 Answers

As mentioned in crypto/x509/root_unix.go, Go (which is what Docker uses) will check CA certificates in

"/etc/ssl/certs/ca-certificates.crt",     // Debian/Ubuntu/Gentoo etc. "/etc/pki/tls/certs/ca-bundle.crt",       // Fedora/RHEL "/etc/ssl/ca-bundle.pem",                 // OpenSUSE "/etc/ssl/cert.pem",                      // OpenBSD "/usr/local/share/certs/ca-root-nss.crt", // FreeBSD/DragonFly "/etc/pki/tls/cacert.pem",                // OpenELEC "/etc/certs/ca-certificates.crt",         // Solaris 11.2+

Make sure those files are available and not corrupted.

There can be also sporadic issue with the CDN, as in this comment:

because now it works :+1: . It must be a amazon edge isssue

The last thread also includes the following check:

The user reporting the issue either has non of those files or those files don't include the rapidssl cert.
We could ask them to send us those files and check if the certificate is included.
The user may also try this:

openssl s_client -showcerts -verify 32 -connect index.docker.io:443

If that fails, the certificates are missing.

Regarding GitHub, be aware it is under a massive DDoS attack at the moment, which could have other side-effects beside the certificate issue.

like image 151
VonC Avatar answered Sep 28 '22 08:09

VonC
Sign in to Comment

Related questions

Is it thread safe to access different members of struct in go?
Dagger 2 and android Studio: working but can't see generated classes
GCC rejects a simple-declaration with an enum-base; clang accepts it — which is correct?
Dynamically add roles to authorize attribute for controller
Ansible Service Restart Failed
What's the difference between type and name in C++?
Reason for the exception java.lang.VerifyError: Bad type on operand stack
MVC design pattern, service layer purpose?
How can I make Git show changes to my .sql files?
what does >> and 1* means in this groovy statement?
Behavior of sleep and select in go
Hide certain columns in a responsive data table using DT package

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!