Docker Community Forums

Share and learn in the Docker community.

Docker Mac OS Beta - Add to CA Cert Chains? - RESOLVED

beta

(Infosec812) #1

See: Adding (self signed) certificates

Expected behavior

  • Be able to add CA certificate chains to the docker VM for use with private registries

Actual behavior

  • I am unable to determine how to add my CA chain to the new xhyve VM

Information

  • the output of: pinata diagnose -u
OS X: version 10.11.5 (build: 15F34)
Docker.app: version: v1.11.1-beta14.5.m
Running diagnostic tests:
[OK]      docker-cli
[OK]      Moby booted
[OK]      driver.amd64-linux
[OK]      vmnetd
[OK]      osxfs
[OK]      db
[OK]      slirp
[OK]      menubar
[OK]      environment
[OK]      Docker
[OK]      VT-x
Docker logs are being collected into /tmp/20160606-213428.tar.gz
Most specific failure is: No error was detected
Your unique id is: 030F516C-5490-428D-BA4E-ABF86DE4C082
Please quote this in all correspondence.

Steps to reproduce the behavior

  1. Install new Docker for Mac OS Beta
  2. Attempt to log in docker login to a registry which is using a cert signed by a CA which is not included by default (Entrust)

Actual output:

docker login -u username -p password my.registry.company.com
Error response from daemon: Get https://my.registry.company.com/v1/users/: x509: certificate signed by unknown authority

On Linux, I append the Entrust bundle PEM files to /etc/ssl/certs/ca-certificates.crt and restart the docker daemon and it works perfectly.


(Infosec812) #2

This is kinda a duplicate of Adding (self signed) certificates

This process worked for me and solved the issue.