When I log in or pull an image from Docker Hub, I get the following error:
Error response from daemon: Get https://registry-1.docker.io/v2/: x509: certificate signed by unknown authority.
My company doesn’t use a proxy, but they have a firewall which opens the TLS packets and replaces the certificates with their own.
-I’m using Docker Community 19.03.7
-I’m running Docker in VirtualBox with Linux Ubuntu 16.02.6 LTS Xenial. My host computer OS is Windows 10 Pro.
In case it helps, here is the docker system info:
docker system info
Client:
 Debug Mode: false

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 0
 Server Version: 19.03.7
 Storage Driver: overlay2
  Backing Filesystem: <unknown>
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429
 runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
 init version: fec3683
 Security Options:
  apparmor
  seccomp
   Profile: default
 Kernel Version: 4.15.0-88-generic
 Operating System: Ubuntu 16.04.6 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 1
 Total Memory: 6.575GiB
 Name: CC5UbuntuVM
 ID: PLUL:M3KE:Q4XA:HYQV:CZFX:E5NQ:OHOY:3S5E:WVJG:X2JZ:UHFT:4UUE
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: No swap limit support
I followed these instructions: https://docs.docker.com/engine/security/certificates/ but I still get the same error.
What I did:
-Generated the client certificates and put them with the Company-Name-Intermediate.cer of my company in the following folders
put these files:
In these folders:
Restarted Docker (same error)
So I have these questions:
1 - Could the solution I tried work in my case?
2 - Do I have to name the directory/certificate differently? For example:
3 - Might I have to put the company certificate into a Linux-compatible format?
4 - Would it work to configure the firewall to pass packets from registry-1.docker.io without opening them, to get rid of the error?
Edit: my company’s IT changed the firewall settings to pass Docker.io packets without touching them; still the same error. Maybe there are other Docker URLs the client tries to reach?
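On question 3 (certificate format), an added example that is not part of the original post: a .cer file exported on Windows can be DER or PEM encoded, and Ubuntu's update-ca-certificates only picks up PEM files whose names end in .crt. The sketch assumes the Ubuntu system trust store path /usr/local/share/ca-certificates, which the Docker daemon on Linux reads when it starts and which applies to every host it contacts; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# Print "pem", "der" or "unknown" for a certificate file.
cert_encoding() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        echo pem
    elif openssl x509 -inform DER -in "$1" -noout 2>/dev/null; then
        echo der
    else
        echo unknown
    fi
}

# Write FILE as PEM to DEST_DIR/<basename>.crt and print the new path.
# DEST_DIR defaults to the Ubuntu location for locally added CAs (assumption).
stage_ca() {
    local src=$1 dest_dir=${2:-/usr/local/share/ca-certificates}
    local name enc out
    name=$(basename "$src"); name=${name%.*}
    out="$dest_dir/$name.crt"
    enc=$(cert_encoding "$src")
    case $enc in
        pem) openssl x509 -inform PEM -in "$src" -out "$out" ;;
        der) openssl x509 -inform DER -in "$src" -out "$out" ;;
        *)   echo "not an X.509 certificate: $src" >&2; return 1 ;;
    esac
    echo "$out"
}

# Stage the CA, rebuild the system bundle and restart the daemon (needs root).
# The daemon only reads the system bundle at start, so the restart is required.
install_ca() {
    stage_ca "$1" && update-ca-certificates && systemctl restart docker
}

# Run only when a certificate path is given on the command line.
[ "$#" -eq 0 ] || install_ca "$1"
```

Run as root with the certificate path as the only argument, for example the Company-Name-Intermediate.cer file named in the post.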