Hi all,
I have trouble connecting to the company's internal docker.
When I try to log in or pull an image from docker on Arch, I am getting the following message:
docker pull hostname/image:version
Error response from daemon: Get "https://hostname/v2/": tls: failed to parse certificate from server: x509: invalid certificate policies
Also, curl to the address:
curl -v https://hostname/
* Trying 1.1.1.1:443...
* Connected to hostname (1.1.1.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
According to the internet, I have to have the CA certificate and add it to the system. So I received the mentioned certificate and added it with:
trust anchor --store myCA.crt
and did update-ca-trust
Now curl shows:
curl -v https://hostname/
* Trying 1.1.1.1:443...
* Connected to hostname (1.1.1.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=PL; ST=Mazowieckie; L=Warszawa; O=Name.; OU=IT; CN=hostname
* start date: Jun 7 08:52:24 2021 GMT
* expire date: Jun 7 08:52:24 2023 GMT
* subjectAltName: host "hostname" matched cert's "hostname"
* issuer: DC=pl; DC=com; DC=name; CN=Name. Subordinate CA
* SSL certificate verify ok.
> GET /v2/ HTTP/1.1
> Host: ekdcicd-tst01
> User-Agent: curl/7.79.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 404 Not Found
< Server: nginx/1.20.1
< Date: Mon, 11 Oct 2021 17:00:02 GMT
< Content-Type: text/html
< Content-Length: 153
< Connection: keep-alive
But docker still shows:
docker pull hostname/image:version
Error response from daemon: Get "https://hostname/v2/": tls: failed to parse certificate from server: x509: invalid certificate policies
I have installed Ubuntu on a VM and there was a different error:
docker pull hostname:443/image:version
Error response from daemon: Get "https://hostname:443/v2/": x509: certificate signed by unknown authority
and when I added the certificate to the Ubuntu store
sudo cp myCa.cer /usr/local/share/ca-certificates/
sudo update-ca-certificates
docker works fine; it doesn't return any issues.
Does anyone know what is wrong with Arch? Is there any policy to change?
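Added example, not part of the original post: the two docker messages above come from different stages in Go's crypto/x509 (decoding the certificate, then building a chain to a trusted root), and the sketch below reports which stage rejects a given PEM chain. The names classify and constructedPEM and the PEM file argument are hypothetical, and the result reflects the Go toolchain used to build this program, which may differ from the one docker was built with.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"time"
)

// classify names the stage at which Go rejects a PEM chain (leaf first).
func classify(pemChain []byte, roots *x509.CertPool) (string, error) {
	opts := x509.VerifyOptions{Roots: roots, Intermediates: x509.NewCertPool()}
	var chain []*x509.Certificate
	for b, rest := pem.Decode(pemChain); b != nil; b, rest = pem.Decode(rest) {
		c, err := x509.ParseCertificate(b.Bytes)
		if err != nil {
			return "parse", err // docker on Arch: "failed to parse certificate"
		}
		chain = append(chain, c)
		opts.Intermediates.AddCert(c) // leaf is pooled too; it cannot be its own issuer
	}
	if len(chain) == 0 {
		return "input", fmt.Errorf("no PEM certificate found")
	}
	if _, err := chain[0].Verify(opts); err != nil {
		return "trust", err // docker on Ubuntu: "signed by unknown authority"
	}
	return "ok", nil
}

func constructedPEM() []byte { // throwaway self-signed certificate, constructed sample input
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now().Add(-time.Hour),
		NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, pub, priv)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() { // optional argument: PEM chain file, leaf first
	data := constructedPEM()
	if len(os.Args) > 1 {
		data, _ = os.ReadFile(os.Args[1])
	}
	fmt.Println(classify(data, nil)) // nil roots: Go uses the system trust store
}
```

A "parse" result means the certificate is rejected before the trust store is consulted, so adding the CA certificate does not change it.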