TLS CA Certificate location in Linux

(Dipanjan) #1

I am using Docker EE version 17.06 and ran a cis-bench security scan. My question is where I can get the TLS CA certificate file on the server. Also, is it required for the Docker registry server, or is there any other purpose?
We have all the certs under the /etc/pki/tls/certs directory. Is it the same, or should I check another directory, as the scan result is showing no TLS CA CERT found? Also, we are not using DTR.


(Fsejoseph) #2

I would read this (~/.docker/{ca,cert,key}.pem)

Daemon modes (if you can display these, you can find out what they are using):

  • tlsverify, tlscacert, tlscert, tlskey set: Authenticate clients
  • tls, tlscert, tlskey: Do not authenticate clients

Client modes

  • tls: Authenticate server based on public/default CA pool
  • tlsverify, tlscacert: Authenticate server based on given CA
  • tls, tlscert, tlskey: Authenticate with client certificate, do not authenticate server based on given CA
  • tlsverify, tlscacert, tlscert, tlskey: Authenticate with client certificate and authenticate server based on given CA
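
Added example, not part of either post above and not Docker's own code: a Python check that takes a dockerd argument list plus daemon.json text, classifies the daemon mode as in the list above, and reports which CA file the daemon would use. The function names and sample inputs are constructed; letting flags override daemon.json is a simplification, and the default paths are assumed from the ~/.docker location cited above.

```python
import json

BOOL_KEYS = ("tls", "tlsverify")
# Assumed defaults: the ~/.docker/{ca,cert,key}.pem location cited in the answer.
DEFAULT_PATHS = {"tlscacert": "~/.docker/ca.pem",
                 "tlscert": "~/.docker/cert.pem",
                 "tlskey": "~/.docker/key.pem"}

def parse_dockerd_args(argv):
    """Pull TLS options out of a dockerd argument list (--k=v or --k v)."""
    opts, i = {}, 0
    while i < len(argv):
        arg = argv[i]
        name, eq, value = arg.lstrip("-").partition("=")
        if arg.startswith("-") and name in BOOL_KEYS:
            opts[name] = (value.lower() != "false") if eq else True
        elif arg.startswith("-") and name in DEFAULT_PATHS:
            if not eq and i + 1 < len(argv):
                i += 1
                value = argv[i]
            opts[name] = value
        i += 1
    return opts

def daemon_tls_mode(argv, daemon_json_text="{}"):
    """Classify the daemon's TLS mode and report the cert files it would use."""
    cfg = json.loads(daemon_json_text or "{}")
    # Simplification (assumption): command-line flags override daemon.json.
    opts = {k: v for k, v in cfg.items() if k in BOOL_KEYS or k in DEFAULT_PATHS}
    opts.update(parse_dockerd_args(argv))
    paths = {k: opts.get(k) or default for k, default in DEFAULT_PATHS.items()}
    if opts.get("tlsverify"):
        return {"mode": "authenticate clients", **paths}
    if opts.get("tls"):
        # TLS is on, but the CA is not used to check client certificates.
        return {"mode": "do not authenticate clients", **paths}
    # Nothing TLS-related configured: a scan has no CA file to find.
    return {"mode": "no TLS", **dict.fromkeys(DEFAULT_PATHS)}

# Constructed sample inputs, not taken from the thread.
SAMPLE_ARGV = ["/usr/bin/dockerd", "-H", "tcp://0.0.0.0:2376", "--tlsverify",
               "--tlscacert=/etc/docker/certs/ca.pem",
               "--tlscert", "/etc/docker/certs/server-cert.pem",
               "--tlskey", "/etc/docker/certs/server-key.pem"]
SAMPLE_JSON = '{"tls": true, "tlscert": "/etc/docker/certs/server-cert.pem", "tlskey": "/etc/docker/certs/server-key.pem"}'

if __name__ == "__main__":
    print(daemon_tls_mode(SAMPLE_ARGV))
    print(daemon_tls_mode(["dockerd"], SAMPLE_JSON))
    print(daemon_tls_mode(["dockerd"]))
```

On a real host the argument list would come from the running dockerd process and the JSON from /etc/docker/daemon.json.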