Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Login to internal docker registry with self-signed Server-Certificate fails #36

Closed
hofsa opened this issue Aug 12, 2016 · 3 comments
Closed

Login to internal docker registry with self-signed Server-Certificate fails #36

hofsa opened this issue Aug 12, 2016 · 3 comments
Labels
lifecycle/locked

Comments

@hofsa
Copy link

hofsa commented Aug 12, 2016

Expected behavior

When trying to login to an internal docker registry with:
docker login registry.isc.ejpd.admin.ch
Expected successful login acknowledged with the message
"Login Succeeded"
The exact same command run successfully from a Linux host.

Actual behavior

Login fails with:
"Error response from daemon: Get https://registry.isc.ejpd.admin.ch:5000/v1/users/: x509: certificate signed by unknown authority"

Information

Diagnostic ID: 6BB9DE18-179E-43B2-8240-FA7CC6431D73/2016-08-12_10-21-58

The registry uses a self-signed Certificate (See attached file registry.crt.txt, remove txt-extension)

The CA-Certificate is added to the following locations on the Windows-filesystem:
C:\ProgramData\Docker\certs.d\registry.isc.ejpd.admin.ch
C:\ProgramData\Docker\certs.d\registry.isc.ejpd.admin.ch5000

Restarted Docker & even rebooted the Machine

Windows Version: Windows 10 Pro Version 1607 (OS Build 14393.10)
Docker for Windows: 1.12.0-stable (Build 5968)

The login also fails, if I connect to the MobyLinuxVM and execute the login-command there. I was not able to find the CA-Cert on the MobyLinuxVM. Looks like the certificates are not propagated from the Windows-Filesystem into the MobyLinuxVM

Steps to reproduce the behavior

  1. Start an internal docker registry with a self-signed certificate
  2. Add the registry-certificate to C:\ProgrammData\Docker\certs.d<>
  3. Try to login to the registry with: docker login <>
@hofsa
Copy link
Author

hofsa commented Aug 12, 2016

Workaround

I was able to skip certificate-validation using the "insecure-registries" - option for the docker daemon:

{
  "registry-mirrors": [],  
  "insecure-registries": [
    "registry.isc.ejpd.admin.ch",
    "registry.isc.ejpd.admin.ch:5000"
  ],
  "debug": true
}

docker login registry.isc.ejpd.admin.ch works now as expected.

@rn rn added the area/docker label Aug 19, 2016
@rn
Copy link
Contributor

rn commented Aug 19, 2016

@hofsa Thanks for following up. Yes for now, you have to set the insecure registry setting. Unless I misunderstood, this fixes your issue. Closing...please re-open if I misunderstood.

@rn rn closed this as completed Aug 19, 2016
This was referenced Aug 20, 2016
Closed
Closed
@rn rn mentioned this issue Aug 23, 2016
Closed
@hofsa hofsa mentioned this issue Sep 8, 2016
Closed
@amd5 amd5 mentioned this issue Dec 3, 2019
Closed
@docker-robott
Copy link
Collaborator

Closed issues are locked after 30 days of inactivity.
This helps our team focus on active issues.

If you have found a problem that seems similar to this, please open a new issue.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle locked

@docker docker locked and limited conversation to collaborators Jun 17, 2020
# for free to subscribe to this conversation on GitHub. Already have an account? #.
Assignees
No one assigned
Labels
lifecycle/locked
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@rn @hofsa @docker-robott