Add CA certificate (SSL inspection) for the Docker engine

Hello all,

I'm using Docker here on my KDE Neon (based on Ubuntu 22.04 LTS) with PyCharm. Docker is installed directly from Docker's package source. Here in the office we have SSL deep inspection for security, so Docker can't download things from the internet:

docker run hello-world

Unable to find image 'hello-world:latest' locally
docker: Error response from daemon: Head "https://registry-1.docker.io/v2/library/hello-world/manifests/latest": Get "https://auth.docker.io/token?scope=repository%3Alibrary%2Fhello-world%3Apull&service=registry.docker.io": EOF.

For other applications the CA is used automatically. But Docker does not seem to access the central certificate store.

For testing I have created this folder
/etc/docker/certs.d
and put my CA there, but that also shows no change.

How can I pass Docker my CA so it can also load things from the internet?

Thanks and best Regards
boospy

From ChatGPT, not tested:

You need to configure the Docker daemon to use your CA files. To do this, create or edit the Docker daemon configuration file, typically located at /etc/docker/daemon.json or /etc/systemd/system/docker.service.d/docker.conf on Linux. Add or modify the "tls" settings to include the paths to your CA files:

{
  "tls": true,
  "tlscacert": "/path/to/your/ca.crt",
  "tlscakey": "/path/to/your/ca.key"
}

Then restart your Docker daemon.

Have you followed the instructions in Verify repository client with certificates | Docker Docs, added the subfolder registry-1.docker.io, and placed the cert inside that folder with a filename that ends in .crt?

It should look like this /etc/docker/certs.d/registry-1.docker.io/ca.crt.

Though, this only handles Docker Engine to registry communication. Every container that needs to make HTTPS calls to the internet needs to be modified as well.

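The following script does what the answer above describes and adds the check a practitioner would want. It is an added example and is not part of the thread or of Docker's own tooling. Assumptions: the inspection CA is a PEM file, the registry hostname is the one in the error message (registry-1.docker.io), and CERTS_ROOT is a variable of this script (defaulting to /etc/docker/certs.d) that exists only so the functions can be exercised against a temporary directory; find_misplaced_certs and install_registry_ca are names chosen here, not Docker commands.

```shell
#!/bin/sh
# Install an SSL-inspection CA so dockerd trusts it for one registry host.
# Added example, not code from the thread. CERTS_ROOT is an assumption of
# this script; dockerd itself always reads /etc/docker/certs.d.

CERTS_ROOT="${CERTS_ROOT:-/etc/docker/certs.d}"

# is_pem_cert FILE -> success if FILE contains a PEM certificate block.
is_pem_cert() {
  [ -r "$1" ] || return 1
  grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
    grep -q -- '-----END CERTIFICATE-----' "$1"
}

# install_registry_ca CA_FILE REGISTRY_HOST
# Copies CA_FILE to $CERTS_ROOT/REGISTRY_HOST/ca.crt. dockerd matches the
# directory name against the registry hostname (include ":port" if the
# registry uses one) and treats every *.crt file in it as a trusted CA.
# Prints the installed path on success.
install_registry_ca() {
  ca="$1"
  host="$2"
  is_pem_cert "$ca" || { echo "not a PEM certificate: $ca" >&2; return 1; }
  dest_dir="$CERTS_ROOT/$host"
  mkdir -p "$dest_dir"
  cp "$ca" "$dest_dir/ca.crt"
  chmod 644 "$dest_dir/ca.crt"
  echo "$dest_dir/ca.crt"
}

# find_misplaced_certs -> prints files under CERTS_ROOT that dockerd ignores:
# files placed directly in CERTS_ROOT (no hostname subfolder, the mistake
# in the question) and files in a hostname folder whose name does not end
# in .crt (CA), .cert or .key (client certificate pair).
find_misplaced_certs() {
  [ -d "$CERTS_ROOT" ] || return 0
  find "$CERTS_ROOT" -type f | while IFS= read -r f; do
    rel="${f#"$CERTS_ROOT"/}"
    case "$rel" in
      */*.crt|*/*.cert|*/*.key) ;;
      *) echo "$f" ;;
    esac
  done
}

# Typical use (run as root, then restart dockerd so it re-reads the folder):
#   install_registry_ca /path/to/inspection-ca.pem registry-1.docker.io
#   find_misplaced_certs
#   systemctl restart docker
```

After the daemon restart, `docker pull hello-world` should succeed. As the answer notes, this only covers the engine's own connections: a container that talks to the internet needs the CA inside its image, for example by copying it into /usr/local/share/ca-certificates/ and running update-ca-certificates in a Debian/Ubuntu-based Dockerfile.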

This was what I had missed. Many thanks, it works perfectly now.