Allow user to add custom Certificate Authorities

[bbodenmiller]

Expected behavior

I should be able to use a registry signed by a custom Certificate Authority without having to register it as insecure.

Actual behavior

When attempting to use a registry signed by a custom Certificate Authority Docker for Windows returns a x509: certificate signed by unknown authority error. Only workaround is to register registry as insecure.

Related to #26, #36, #23, & docker/for-mac#343. Per @friism at #9 (comment) looks like something like this may already be on the roadmap.

[rn]

@bbodenmiller Yes, this definitely is on the roadmap. Thanks for filing this issue here (and commenting on the issues you referenced).

[dgageot]

@bbodenmiller for your information this will be included in next beta (Beta26)

[dgageot]

@bbodenmiller Docker for Windows Beta26 was released yesterday. Could you give it a shot and see if it fixes your issue?

[bbodenmiller]

Sure, will check. Do I upload the CA cert or do you pull them from the Windows cert store? The latter would be the better option.

[dgageot]

@bbodenmiller We do pull them from the cert store :-)

[dgageot]

Hi @bbodenmiller Did beta26 work for you?

[0x5487]

Hi @dgageot,

I just tried both version of beta26 and stable-1.12.1, but I still got 509: certificate signed by unknown authority . I put my certificate under Trust Root Certification Authorities folder. Do you have any suggestions that I can try? Thank you

[bbodenmiller]

1.12.1 worked for me. Perhaps some documentation is needed around where certs should be placed?

[0x5487]

@bbodenmiller ,

Would you mind me asking where did you put your certs?

[dgageot]

@bbodenmiller yes, of course! We will

[bbodenmiller]

@jasonsoft looks like mine is in both Trusted Root Certification Authorities and Intermediate Certification Authorities.

[dgageot]

@bbodenmiller @jasonsoft I hope it works well for you two. Can this is issue be closed?

[bbodenmiller]

Sounds good to me. Should I open a new issue about how it should be documented?

[friism]

Perhaps some documentation is needed around where certs should be placed?

cc @londoncalling for docs

[dgageot]

I'm going to close this issue and create an issue in our internal tracker to make sure this is documented

[GarbageYard]

Hi. I am using docker-machine on Win 10 Enterprise. When i try to run docker login, i get error:

docker login docker.artifactory.abc.net -u tom -p tom_pwd
Error response from daemon: Get https://docker.artifactory.abc.net/v2/: x509: certificate signed by unknown authority

I added certificate to both Trusted Root Certification Authorities and Intermediate Certification Authorities . I've been trying to get this working for the last 2 days but to no avail. Any pointers?

[MYZ6]

After add the certificate, I have to restart my docker, then it worked. Spent a lot of time to figure out this way.

[docker-robott]

Closed issues are locked after 30 days of inactivity.
This helps our team focus on active issues.

If you have found a problem that seems similar to this, please open a new issue.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle locked