I was able to get this working without the need for a custom script or connecting to the VM to restart the daemon: place the cert in the certs.d folder. If only we could automate it during start up like boot2docker had with bootlocal.sh.
Each time I get an x509 self-signed cert error I am able to do this command (pointing to a directory of root certs), where pwd is the directory that contains a folder with some certs. Works a treat and doesn't require connecting to the VM.
generate new certificates or use existing ones, then use a container to copy them into the vm: Adding (self signed) certificates - the base image is available on the Docker Hub
similar to the first ones, but in a more manual way, again by using a container: Adding (self signed) certificates - you can use any base image with a shell
Yeah, I just found that out (the post is updated, I think I may have deleted the forum link to avoid confusion though). I completely failed to find the official documentation though, so thanks for the link.
In case anyone is still having an issue with this: I believe this is in the stable version as well, but there's an option in the GUI for "insecure registries". Just add the hostname of your docker registry and it will work flawlessly w/o having to go through the hoops described in this thread.
Unless there's a different use case where you need to install an SSL / TLS certificate, I think this is much easier.
Ignoring SSL/TLS means that you have no assurances that the host you are talking to is really the one you expect.
If you have custom Root CAs, you probably have a reason to want to use them and validate the connection.
As for client certificates: it lets us validate that the client side is an authorized node, in a way that would be very hard to attack, and we can actually use that CN for authn as well.
I'm hoping this is possible, or that there are more details around on the way the docker VM gets info about the trusted CAs, so we can work on a pull request to enable client certs. I really don't want to have to export them to disk just to use them with docker.
I'm not worried about using the CA. That part works great.
This is a question about using a client certificate. This question is still relevant no matter the CA that signed the client cert.
I'm looking for internals on how the CA from keychain is implemented, and if it doesn't transmit the client cert, then a pointer to the code so we can maybe try to add the feature. We're happy to help, and do the work…
This is what I'm waiting for as well. We are still using the Toolbox version of Docker because we need to install client certificates into the VM in order to access our private registry.
All we really need is a way to mount in a "client.crt" and "client.key" into the xhyve VM in the right place when it starts up. Either that, or some way to tell Docker which certificates/keys in the Mac Keychain it should use for client authentication.
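Added example, not part of any post in this thread: a shell check for the per-registry certs.d layout discussed above, relying on the Docker daemon's convention that `*.crt` files in `certs.d/<registry host>/` are loaded as CA roots while a client certificate must be a `NAME.cert` with a matching `NAME.key`. The function names and the `*.example` registry names are made up for illustration, and the sample files are empty placeholders.

```shell
#!/usr/bin/env bash
# Added example: audit client-certificate files in a Docker certs.d tree.
# Daemon convention: <host>/*.crt = CA roots, <host>/NAME.cert + NAME.key = client pair.

audit_certs_d() {
    local root="$1" status=0 dir f base host
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        dir="${dir%/}"; host="${dir##*/}"
        for f in "$dir"/*.cert; do
            [ -e "$f" ] || continue
            # A client certificate without its key cannot be used by the daemon.
            [ -e "${f%.cert}.key" ] || { echo "$host: ${f##*/} has no matching .key"; status=1; }
        done
        for f in "$dir"/*.key; do
            [ -e "$f" ] || continue
            base="${f%.key}"
            if [ ! -e "$base.cert" ]; then
                if [ -e "$base.crt" ]; then
                    # NAME.crt is read as a CA root, so it is never presented as a client cert.
                    echo "$host: ${base##*/}.crt is treated as a CA; rename to ${base##*/}.cert"
                else
                    echo "$host: ${f##*/} has no matching .cert"
                fi
                status=1
            fi
            # Private keys should be readable by the owner only.
            if [ -n "$(find "$f" \( -perm -040 -o -perm -004 \))" ]; then
                echo "$host: ${f##*/} is group/world readable"; status=1
            fi
        done
    done
    return "$status"
}

# Constructed sample tree (hypothetical registry names, empty placeholder files).
make_sample_tree() {
    local root; root="$(mktemp -d)"
    mkdir -p "$root/good.example" "$root/bad.example"
    touch "$root/good.example/ca.crt" "$root/good.example/client.cert" "$root/good.example/client.key"
    touch "$root/bad.example/client.crt" "$root/bad.example/client.key"
    chmod 600 "$root/good.example/client.key"
    chmod 644 "$root/bad.example/client.key"
    echo "$root"
}

# Stand-alone use: pass the certs.d path as the first argument.
[ -z "${1:-}" ] || audit_certs_d "$1"
```

Run it against a copy of the certs.d directory before copying files into the VM; a non-zero exit status means at least one finding was printed.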