Docker Community Forums

Share and learn in the Docker community.

Login, Docker hub, Firewall Error: Error response from daemon: Get x509: certificate signed by unknown authority

When I’m logging in, or Pull an image from the docker hub I got following Error:

Error response from daemon: Get x509: certificate signed by unknown authority.

My Company doesn’t use a Proxy. But they have a firewall wich opens the TLS packets and replaces the Certificates by their own.

-Im using docker Comunity 19.03.7
-I’m Running docker in Virtual Box with Linux Ubuntu 16.02.6 LTS Xenial. My host computer OS is Windows 10 Pro.

in case it helps here is the docker System Info:

docker system info 
Debug Mode: false 
Containers: 0 
  Running: 0 
  Paused: 0 
  Stopped: 0 
Images: 0 
Server Version: 19.03.7 
Storage Driver: overlay2 
  Backing Filesystem: <unknown> 
  Supports d_type: true 
  Native Overlay Diff: true 
Logging Driver: json-file 
Cgroup Driver: cgroupfs 
  Volume: local 
  Network: bridge host ipvlan macvlan null overlay 
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog 
Swarm: inactive 
Runtimes: runc 
Default Runtime: runc 
Init Binary: docker-init 
containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429 
runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd 
init version: fec3683 
Security Options: 
   Profile: default 
Kernel Version: 4.15.0-88-generic 
Operating System: Ubuntu 16.04.6 LTS 
OSType: linux 
Architecture: x86_64 
CPUs: 1 
Total Memory: 6.575GiB 
Name: CC5UbuntuVM 
Docker Root Dir: /var/lib/docker 
Debug Mode: false 
Experimental: false 
Insecure Registries: 
Live Restore Enabled: false 
WARNING: No swap limit support 

I followed these instruction but still the same error.

What I did:
-Generated the client Certificates and put them with the Company-Name-Intermediate.cer of my Company in the following folders

put these files:

In these folders:

Run sudo update-ca-certificates
restarted Docker (Same error)

So I have these questions:

  1. 1 -Could the solution I tried working in my case?

  2. 2 -Do I have to name the Directory/certificate different? For example:
    Instead of

  3. 3 -May I have to put the Company certificate to a linux compatible Format?

  4. 4 -Would it work to configure the firewall to pass packets whitout opening from to get rid of the error?
    Edit: my Companys IT made the Firewall settings to pass packets without tuching them, still same Error. May there are other docker URL’s the client tries to reach?