Docker Community Forums

Where does Docker get certificates from on Ubuntu?


(Windofkeltia) #1

Attempting to log into Docker,

$ docker login
Username (russell.bateman):

I only get

Error response from daemon: Get x509: certificate signed by unknown authority

I have dropped my certificates into /usr/local/share/ca-certificates:

+-- product-sha256.pem
`-- ca-o-matic
     `-- ca-o-matic-SHA256.crt

and run

# update-ca-certificates

which says,

Updating certificates in /etc/ssl/certs...
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
Replacing debian:ca-o-matic-SHA256.pem

In ~/.docker/config.json, I have:

    "auth": "blahblah...blah==",
    "email": ""

Then, I verify

# openssl verify product-sha256.pem
product-sha256.pem: OK

I’m pretty unfamiliar with the nitty-gritty of certificates. Why the error response? Why does docker login ask me for username and password when I’ve got ~/.docker/config.json?

(Windofkeltia) #2

The answers turn out to be that our Artifactory does not support username/password log-in, but only certificate-based access. The certificate wasn’t really known (making docker login resort to asking for username and password), but I should not have been attempting to log in. It appears that after installing the new certificate (only the root certificate is needed, not the other one), the Docker daemon must be bounced. So, once Docker was bounced, the certificate worked, and docker pull (not docker login) worked fine.
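The fix described in this thread, turned into a check (an added example, not part of the original posts): it lists which files under the drop-in directory update-ca-certificates will import (only files ending in .crt, subdirectories included) and reports whether dockerd started before the trust store bundle was last rewritten. The function names, the `--run` argument and the systemd unit name `docker` are assumptions of this sketch.

```shell
#!/bin/sh
# Added example; function names and the --run flag are hypothetical.

# Classify every file in a CA drop-in directory ($1).
# update-ca-certificates imports only *.crt files, and expects PEM inside.
list_dropins() (
    dir=$1
    find "$dir" -type f | sort | while IFS= read -r f; do
        rel=${f#"$dir"/}
        case $f in
            *.crt)
                if grep -q -- '-----BEGIN CERTIFICATE-----' "$f"; then
                    echo "IMPORT  $rel"
                else
                    echo "BAD     $rel (no PEM certificate inside)"
                fi ;;
            *)  echo "SKIP    $rel (extension is not .crt)" ;;
        esac
    done
)

# True when the trust store ($1) changed after the daemon started ($2).
# Both arguments are Unix epoch seconds.
restart_needed() { [ "$1" -gt "$2" ]; }

# Helpers for a live Ubuntu host (GNU stat/date, systemd unit "docker" assumed).
bundle_mtime() { stat -c %Y /etc/ssl/certs/ca-certificates.crt; }
daemon_start() {
    date -d "$(systemctl show -p ActiveEnterTimestamp --value docker)" +%s
}

# Run the audit only when asked, so the functions can be sourced or tested.
if [ "${1:-}" = "--run" ]; then
    list_dropins /usr/local/share/ca-certificates
    if restart_needed "$(bundle_mtime)" "$(daemon_start)"; then
        echo "dockerd predates the trust store update: restart the docker service"
    else
        echo "dockerd started after the last trust store update"
    fi
fi
```

Against the layout shown in the first post, this reports the .crt file under ca-o-matic as imported and product-sha256.pem as skipped.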