Docker Community Forums


Using Client Certificates


(Zadeluca) #1

I am new to docker, but I have Windows 10 with Hyper-V enabled and Docker for Windows installed. I have followed the directions in the FAQ (https://docs.docker.com/docker-for-windows/faqs/#how-do-i-add-client-certificates) but can’t manage to get client certificates working to access a secure repository running on a private site, let’s call it docker.site.blah.

Specifically, I created a directory C:\Users\my.name.docker\certs.d\docker.site.blah
This directory contains two files: client.cert and client.key, which I created from my personal issued certificate using openssl.

I then restarted docker but when I run docker login docker.site.blah, I am prompted for a username/password rather than having it just use the certificates.

I don’t know how to proceed in debugging. There is nothing in the log file that says anything about the certificates, and I can’t figure out how to browse the Moby VM to verify that they are getting copied to /etc/docker/certs.d as the FAQ claims they should be.

Note 1: There is no problem with the server cert or anything like that because it is issued by a trusted root CA.
Note 2: I know these files are correct because site.blah is also running GitLab which I can successfully interact with using the same client cert/key.

If anyone can help or point me in another direction, thank you in advance! In the meantime, I guess I will try it with Docker Toolbox to see if I have better luck, but I would of course prefer to use Docker for Windows.


(Zadeluca) #2

Update: I was successful using Docker Toolbox, after copying the files to /etc/docker/certs.d/docker/docker.site.blah, so now I know for certain my cert is good.

However I did discover that my site is using two-factor authentication, so I still need to provide a username/password along with the certificate. That works fine with Docker Toolbox, but with Docker for Windows I get a 403 Forbidden response, which appears to still support my theory that the cert/key is not being sent along with the login request. I’ll see if I can get the site admin to confirm this from their end.
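An added example, not part of the thread or of Docker's own code: a layout check for one `certs.d/<registry-host>` directory, based on Docker's documented convention that a client certificate is a `<name>.cert` file paired with `<name>.key`, while `*.crt` files are read as CA roots. The passphrase check assumes the daemon cannot prompt for a key passphrase; the file contents in `demo()` are constructed placeholders.

```python
import os
import tempfile

def _read(path):
    with open(path, "r", errors="replace") as fh:
        return fh.read()

def audit_registry_dir(path):
    """Return a list of findings for one certs.d/<registry-host> directory."""
    names = set(os.listdir(path))
    findings = []
    for name in sorted(names):
        stem, ext = os.path.splitext(name)
        if ext == ".cert":  # client certificate, paired with <stem>.key
            if stem + ".key" not in names:
                findings.append(f"{name}: no matching {stem}.key")
            if "-----BEGIN CERTIFICATE-----" not in _read(os.path.join(path, name)):
                findings.append(f"{name}: not a PEM certificate")
        elif ext == ".key":
            text = _read(os.path.join(path, name))
            if stem + ".cert" not in names:
                findings.append(f"{name}: no matching {stem}.cert")
            if "PRIVATE KEY-----" not in text:
                findings.append(f"{name}: not a PEM private key")
            elif "ENCRYPTED" in text:
                findings.append(f"{name}: private key is passphrase-protected")
    if not any(n.endswith(".cert") for n in names):
        findings.append("no *.cert file: *.crt files are read as CA roots only")
    return findings

def demo():
    """Audit a constructed directory: encrypted key plus a cert saved as .crt."""
    pem = "-----BEGIN {0}-----\n(constructed placeholder)\n-----END {0}-----\n"
    with tempfile.TemporaryDirectory() as root:
        reg = os.path.join(root, "docker.site.blah")
        os.mkdir(reg)
        files = {"client.crt": pem.format("CERTIFICATE"),
                 "client.key": pem.format("ENCRYPTED PRIVATE KEY")}
        for fname, body in files.items():
            with open(os.path.join(reg, fname), "w") as fh:
                fh.write(body)
        return audit_registry_dir(reg)

if __name__ == "__main__":
    for line in demo():
        print(line)
```

An empty result only means the file names and PEM types look right; it does not show that the files reached the VM or that the certificate and key belong together.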