Docker Community Forums

Share and learn in the Docker community.

Self signed certificate for docker command-line


(Shawnjohnson159) #1

When trying to pull an image from docker hub, which assumes HTTPS, requests past through our corporate proxy, requiring our certificate to be installed in whatever client is making the request. I’m trying to do a simple “docker build” from Dockerfile.

I get the following output/error:
Sending build context to Docker daemon 2.048 kB
Step 1 : FROM maven:3-jdk-8
Pulling repository docker.io/library/maven
Error while pulling image: Get https://index.docker.io/v1/repositories/library/maven/images: x509: certificate signed by unknown authority

Information

Docker for Mac: version: mac-v1.12.0-beta18-3-gec40b14
OS X: version 10.11.5 (build: 15F34)

I have followed the suggestions in this topic (Adding (self signed) certificates). I may not be quite understanding, but it seems that in my case I’m calling ‘docker’, an OS X executable, and that would be pulling it’s certificates from a different place. Any suggestion on how to add our self-signed certificate so we can pull images from docker hub?


(Shawnjohnson159) #2

Apparently I had figured this out before, then forgot. For the next person here is what worked for me:

  1. (from OS X) Connect to the docker VM:
    screen ~/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/tty
  2. Login as ‘root’
  3. (inside the vm) copy the certificates into the vm /usr/local/share/ca-certificates/ folder
    Ex. cp /Users/.../certs/proxy.crt /usr/local/share/ca-certificates/proxy.crt
  4. (inside the vm) run the following command:
    update-ca-certificates

The last command will give the following error, which you can ignore.

WARNING: ca-certificates.crt does not contain exactly one certificate or CRL: skipping