Docker Community Forums

Login, Docker hub, Firewall Error: Error response from daemon: Get https://registry-1.docker.io/v2/: x509: certificate signed by unknown authority

When I log in or pull an image from Docker Hub, I get the following error:

Error response from daemon: Get https://registry-1.docker.io/v2/: x509: certificate signed by unknown authority.

My company doesn’t use a proxy, but they have a firewall which opens the TLS packets and replaces the certificates with their own.

- I’m using Docker Community 19.03.7
- I’m running Docker in VirtualBox with Linux Ubuntu 16.02.6 LTS Xenial. My host computer’s OS is Windows 10 Pro.

In case it helps, here is the docker system info:

docker system info 
Client: 
Debug Mode: false 
  
Server: 
Containers: 0 
  Running: 0 
  Paused: 0 
  Stopped: 0 
Images: 0 
Server Version: 19.03.7 
Storage Driver: overlay2 
  Backing Filesystem: <unknown> 
  Supports d_type: true 
  Native Overlay Diff: true 
Logging Driver: json-file 
Cgroup Driver: cgroupfs 
Plugins: 
  Volume: local 
  Network: bridge host ipvlan macvlan null overlay 
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog 
Swarm: inactive 
Runtimes: runc 
Default Runtime: runc 
Init Binary: docker-init 
containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429 
runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd 
init version: fec3683 
Security Options: 
  apparmor 
  seccomp 
   Profile: default 
Kernel Version: 4.15.0-88-generic 
Operating System: Ubuntu 16.04.6 LTS 
OSType: linux 
Architecture: x86_64 
CPUs: 1 
Total Memory: 6.575GiB 
Name: CC5UbuntuVM 
ID: PLUL:M3KE:Q4XA:HYQV:CZFX:E5NQ:OHOY:3S5E:WVJG:X2JZ:UHFT:4UUE 
Docker Root Dir: /var/lib/docker 
Debug Mode: false 
Registry: https://index.docker.io/v1/ 
Labels: 
Experimental: false 
Insecure Registries: 
  127.0.0.0/8 
Live Restore Enabled: false 
  
WARNING: No swap limit support 

I followed these instructions: https://docs.docker.com/engine/security/certificates/ but I still get the same error.

What I did:
- Generated the client certificates and put them, together with my company’s Company-Name-Intermediate.cer, in the following folders

Put these files:
client.cert
cleint.key
Company-Name-Intermediate.cer

In these folders:
/usr/local/share/ca-certificates/
/etc/docker/certs.d/Url-Company-Server/

- Ran sudo update-ca-certificates
- Restarted Docker (same error)

So I have these questions:

  1. Could the solution I tried work in my case?

  2. Do I have to name the directory/certificate differently? For example:
    /etc/docker/certs.d/index.docker.io/index.docker.io.cer
    instead of
    /etc/docker/certs.d/Url-Company-Server/Company-Name-Intermediate.cer

  3. Might I have to put the company certificate into a Linux-compatible format?

  4. Would it work to configure the firewall to pass packets from registry-1.docker.io without opening them, to get rid of the error?
    Edit: my company’s IT changed the firewall settings to pass Docker.io packets without touching them; still the same error. Maybe there are other Docker URLs the client tries to reach?
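
Questions 2 and 3 turn on file naming and encoding: update-ca-certificates only picks up PEM files ending in .crt, and under /etc/docker/certs.d the daemon reads only *.crt files as CA certificates. The sketch below is an added example, not part of the original post and not Docker's own code; it checks a CA file against both conventions and returns the normalized PEM. The function name, the host registry.example.internal and the sample bytes are assumptions made up for illustration.

```python
import base64
import os
import re
import ssl

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)


def check_ca_file(filename, data, registry_host):
    """Return (pem_text, target_paths, notes) for a CA file handed over by IT.

    registry_host is a caller-supplied assumption: the certs.d directory is
    named after the registry host as the docker client addresses it.
    """
    notes = []
    blocks = PEM_RE.findall(data)
    if blocks:
        # Already PEM: decode each block so it can be re-emitted cleanly.
        ders = [base64.b64decode(b"".join(b.split())) for b in blocks]
    elif data[:1] == b"\x30":  # ASN.1 SEQUENCE tag, i.e. binary DER
        ders = [data]
        notes.append("DER encoded: convert to PEM before installing")
    else:
        raise ValueError("neither PEM nor DER certificate data")

    stem, ext = os.path.splitext(os.path.basename(filename))
    if ext != ".crt":
        notes.append("extension %r is skipped by update-ca-certificates and "
                     "is not read as a CA under certs.d; use .crt" % ext)

    pem = "".join(ssl.DER_cert_to_PEM_cert(d) for d in ders)
    targets = [
        # System trust store; run update-ca-certificates, then restart docker.
        "/usr/local/share/ca-certificates/%s.crt" % stem,
        # Per-registry CA; ca.crt is the name used in Docker's certificate docs.
        "/etc/docker/certs.d/%s/ca.crt" % registry_host,
    ]
    return pem, targets, notes


if __name__ == "__main__":
    # Constructed stand-in bytes (DER SEQUENCE header plus filler), not a real CA.
    sample = b"\x30\x82\x01\x0a" + bytes(range(200))
    pem, targets, notes = check_ca_file(
        "Company-Name-Intermediate.cer", sample, "registry.example.internal")
    print("\n".join(notes + targets))
```

The check only inspects encoding and naming; it does not parse or validate the certificate itself.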