Docker certificate issue: x509: certificate signed by unknown authority


First of all, apology if this has been answered in other posts or even in the manual but I (a relatively Docker newbie) have searched through them and tried different suggestions over the past few days and came up blank.

So I have Docker running on Linux Red Hat Enterprise 6.7 and I was not involved in the initial set-up and the people have involved have since left the organisation and they cannot remember what they exactly did. The certificates used for the Linux server to connect to Docker have expired recently and I need to have them renewed asap. I found out about the certificate expiration as running docker commands such as docker ps always resulted in x509: certificate has expired or is not yet valid.

I have since tried a number different ways to generate new certificates such as the one outlined here: and also trying by using this script and uploaded the certificate files onto the Linux server:

I then end up with 3 files in the /root/.docker directory:

I also tried copying them to this directory: /etc/pki/ca-trust/source/anchors/ and then running the update-ca-trust command before finally restarting docker: service docker restart

Then, everytime I run commands such as docker ps or docker version, I keep getting x509: certificate signed by unknown authority. Example:

docker version
Client version: 1.7.1
Client API version: 1.19
Go version (client): go1.4.2
Git commit (client): 786b29d
OS/Arch (client): linux/amd64
An error occurred trying to connect: Get https:// xxxx:2376/v1.19/version: x509: certificate signed by unknown authority

Running ps to find out the docker service will show the parameters used:
ps -ef | grep docker
root 1653 1 0 08:38 pts/1 00:00:00 /usr/bin/docker -d --tlsverify -H tcp:// -H unix:///var/run/docker.sock --tlscacert=/root/.docker/ca.pem --tlscert=/root/.docker/cert.pem --tlskey=/root/.docker/key.pem
root 1716 1332 0 08:56 pts/1 00:00:00 grep docker

Can anyone help shed a light on what I might be missing here?

Thank you for your help in advance.

Instead of ca.pem, it should be called ca.crt inside /etc/docker/certs.d/REGISTRY:PORT/ca.crt…

Let me know if that helps!