Docker Community Forums

Share and learn in the Docker community.

Error response from daemon: ... remote error: tls: handshake failure

Problem: When I execute docker pull hello-world using the command prompt (as administrator and as non-administrator) an error is returned indicating a failure with a tls handshake.

This only occurs when connected to the company network. They use Zscaler (SSL inspection). I have downloaded the Zscaler Root CA and Zscaler Intermediate CA and installed them to the Local Computer Certificate Store. I have restarted the Docker runtime (default configuration - not amended) and the error persists.

I can confirm that all works if disconnected from the company network using my phone as the internet connection so it definitely has something to do with the SSL inspection.

I have gone through quite a lot of articles describing the problem somewhat, i.e. X509 certificate errors, mine is not the same, it is a handshake failure (possibly the same error but maybe reported differently since I upgraded from a previous Docker for Windows Version).

Does anyone have any suggestions how to resolve this issue?

Steps to Reproduce

$ docker pull hello-world
Using default tag: latest
Error response from daemon: Get remote error: tls: handshake failure

Version Installed (as reported by Windows Apps/Programs): Docker

Docker CLI Reports: Docker version 18.09.0-ce-beta1, build 78a6bdb

$ docker version
Client: Docker Engine - Community
Version: 18.09.0-ce-beta1
API version: 1.39
Go version: go1.10.4
Git commit: 78a6bdb
Built: Thu Sep 6 22:42:13 2018
OS/Arch: windows/amd64
Experimental: false

Server: Docker Engine - Community
Version: 18.09.0-ce-beta1
API version: 1.39 (minimum version 1.12)
Go version: go1.10.3
Git commit: 78a6bdb
Built: Thu Sep 6 22:49:35 2018
OS/Arch: linux/amd64
Experimental: true
Version: v1.10.3
StackAPI: Unknown

Hi there !
Did you found the solution?
I’m facing the same problem since I have upgrade Docker… With and my own registry !

did you find the solution?

Also having a similar problem.

I just got to know that we need to install all sites certificates to trusted store on all hosts