Docker behind proxy that changes ssl certificate

reen picture reen · Nov 28, 2013 · Viewed 31.3k times · Source

I am trying to run the following docker command:

docker run -i -t ubuntu /bin/bash

But I get the error:

Unable to find image 'ubuntu' (tag: latest) locally

Pulling repository ubuntu
2013/11/28 14:00:24 Get https://index.docker.io/v1/images/ubuntu/ancestry: x509: certificate signed by unknown authority

I know that our company replaces the SSL Certificate on the fly for https requests.

I tried to trust our company's CA certificate by putting it in:

 /etc/pki/tls/certs/ca-bundle.crt

and

/etc/pki/tls/cert.pem

But it is still not working.

Any ideas?

Answer

jpetazzo picture jpetazzo · Nov 28, 2013

According to http://golang.org/src/pkg/crypto/x509/root_unix.go, you should append your certificate to one of the following:

  • /etc/ssl/certs/ca-certificates.crt
  • /etc/pki/tls/certs/ca-bundle.crt
  • /etc/ssl/ca-bundle.pem
  • /etc/ssl/cert.pem
  • /usr/local/share/certs/ca-root-nss.crt

Find the one that exists on your system, and append your certificate to it.

(And be ready to do it again when you upgrade the package containing that file...)

I hope there is a better method, but this is the only one I found so far :-)