nathanleclaire
commented
7 years ago Are you using any sort of proxy / VPN?
Closed GHrw62 closed 7 years ago
nathanleclaire
commented
7 years ago Are you using any sort of proxy / VPN?
GHrw62
commented
7 years ago No proxy/VPN being used.
GHrw62
commented
7 years ago Turns out the issue was caused by my company's proxy system called Zscalar which interjects its own certificates. Putting those certificates did not work. Learn there is SSL bypass mechanism that exempts URLs from this activity. For Docker to work properly there is two URLs that it uses that must be bypassed by Zscalar. Those are .docker.io and .cloudfront.net.
FCA69
commented
7 years ago I've had the same issue (x509: certificate signed by unknown authority).
I:
o added my corp proxy's certificate at OS level => this enabled curl to contact docker's repos.
curl -v --request POST "https://hub.docker.com/v1.27/auth/" --data-binary '{\"password\":\"
uxlab9
commented
7 years ago @FCA69 Inquiring about your post from May 19, and I may have the same issue you did. Do you think you can look at my error and see if it resembles yours, and if it would fix my error.
Installed Cyphon onto a desktop inside of enterprise domain. Followed all the directions listed at Cyphon.io but when I get to Development Environment section of instructions: $ cd /opt/cyphon/cyphondock $ sudo docker-compose -f docker-compose.yml -f docker-compose.dev.yml up
I am prompted for [sudo] password for UserName: After typing in my correct password. The return function is: "Pulling postgres (mdillon/postgis:9.6)... ERROR: Get https://registry-1.docker.io/v2/: x509: certificate signed by unknown authority"
I have copied and put my Domain Cert in /home/documents folder and even copied it to the /home/certs folder. I then ran: $ sudo cp /home/UserName/certs/xx-xx-xx.crt /usr/share/ca-certificates/extra/xx-xx-xx.crt to install my domain cert.
But I am still getting: ERROR: Get https://registry-1.docker.io/v2/: x509: certificate signed by unknown authority. As far as I know our domain admins have signed the certificate or have had it signed.
Cyphon/docker installed on Ubuntu 16.04
Thanks
FCA69
commented
7 years ago Hello, Are you using a company proxy ? If yes, install your company’s certificate. In my case I’ve appended the following file with this certificate : /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem … and modified docker’s configuration, in order to use my system’s certificates repository : { "insecure-registries":["….."], "debug":true, "tlscert": "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem" } Best regards.
De : uxlab9 [mailto:notifications@github.com] Envoyé : mercredi 5 juillet 2017 17:02 À : docker/toolbox Cc : Frédéric Castelain; Mention Objet : Re: [docker/toolbox] Docker run Hello-World error x509: certificate signed by unknown authority (#603)
@FCA69https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_fca69&d=DwMFaQ&c=B_xNwyI-4ygMhoSqrYJjrw&r=-do3pKbZyiuoSAiJ0qVNasy_bR0zbcHh8SgeK6e0JsU&m=vRkNHtZdvUKxVm7cHt-tsOyEcNR1OKHykVh7p-KxeLQ&s=2YbalwY0VN4dlR-HvGZS3L_DCGsAFZ-x0kqfS6DoYro&e= Inquiring about your post from May 19, and I may have the same issue you did. Do you think you can look at my error and see if it resembles yours, and if it would fix my error.
Installed Cyphon onto a desktop inside of enterprise domain. Followed all the directions listed at Cyphon.io but when I get to Development Environment section of instructions: $ cd /opt/cyphon/cyphondock $ sudo docker-compose -f docker-compose.yml -f docker-compose.dev.yml up
I am prompted for [sudo] password for UserName: After typing in my correct password. The return function is: "Pulling postgres (mdillon/postgis:9.6)... ERROR: Get https://registry-1.docker.io/v2/https://urldefense.proofpoint.com/v2/url?u=https-3A__registry-2D1.docker.io_v2_&d=DwMFaQ&c=B_xNwyI-4ygMhoSqrYJjrw&r=-do3pKbZyiuoSAiJ0qVNasy_bR0zbcHh8SgeK6e0JsU&m=vRkNHtZdvUKxVm7cHt-tsOyEcNR1OKHykVh7p-KxeLQ&s=oWCYKDColSta5dO5UcjK8XH8qsfT3PncKuWzfnjTOeo&e=: x509: certificate signed by unknown authority"
I have copied and put my Domain Cert in /home/documents folder and even copied it to the /home/certs folder. I then ran: $ sudo cp /home/UserName/certs/xx-xx-xx.crt /usr/share/ca-certificates/extra/xx-xx-xx.crt to install my domain cert.
But I am still getting: ERROR: Get https://registry-1.docker.io/v2/https://urldefense.proofpoint.com/v2/url?u=https-3A__registry-2D1.docker.io_v2_&d=DwMFaQ&c=B_xNwyI-4ygMhoSqrYJjrw&r=-do3pKbZyiuoSAiJ0qVNasy_bR0zbcHh8SgeK6e0JsU&m=vRkNHtZdvUKxVm7cHt-tsOyEcNR1OKHykVh7p-KxeLQ&s=oWCYKDColSta5dO5UcjK8XH8qsfT3PncKuWzfnjTOeo&e=: x509: certificate signed by unknown authority. As far as I know our domain admins have signed the certificate or have had it signed.
Cyphon/docker installed on Ubuntu 16.04
Thanks
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_docker_toolbox_issues_603-23issuecomment-2D313129781&d=DwMFaQ&c=B_xNwyI-4ygMhoSqrYJjrw&r=-do3pKbZyiuoSAiJ0qVNasy_bR0zbcHh8SgeK6e0JsU&m=vRkNHtZdvUKxVm7cHt-tsOyEcNR1OKHykVh7p-KxeLQ&s=0LBwDYW4YwVnrjAuizqG4kAkSnYTykOaYUQvtICzRlc&e=, or mute the threadhttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_ANgcLMIHVab8EVMNiV2uuw-2Dmab1tyztJks5sK6VLgaJpZM4LBn2F&d=DwMFaQ&c=B_xNwyI-4ygMhoSqrYJjrw&r=-do3pKbZyiuoSAiJ0qVNasy_bR0zbcHh8SgeK6e0JsU&m=vRkNHtZdvUKxVm7cHt-tsOyEcNR1OKHykVh7p-KxeLQ&s=B444nzRiBqFTU-Dk2tLJtDQowbi5bVQ9k4Izh8_ujrM&e=.
NOTICE: This e-mail (including any attachments) may contain information that is private, confidential or legally privileged information or material and is intended solely for the use of the addressee(s). If you receive this e-mail in error, please delete it from your system without copying it and immediately notify the sender(s) by reply e-mail. Any unauthorized use or disclosure of this message is strictly prohibited. STEF does not guarantee the integrity of this transmission and may therefore never be liable if the message is altered or falsified nor for any virus, interception or damage to your system.
AVIS : Ce message (y compris toutes pièces jointes) peut contenir des informations privées, confidentielles et est pour l'usage du(es) seul(s) destinataire(s). Si vous avez reçu ce message par erreur, merci d'en avertir l'expéditeur par retour d'email immédiatement et de procéder à la destruction de l'ensemble des éléments reçus, dont vous ne devez garder aucune copie. Toute diffusion, utilisation ou copie de ce message ou des renseignements qu'il contient par une personne autre que le(les) destinataire(s) désigné(s) est interdite. STEF ne garantit pas l'intégrité de cette transmission et ne saurait être tenu responsable du message, de son contenu, de toute modification ou falsification, d’une interception ou de dégâts à votre système.
uxlab9
commented
7 years ago I believe our company is using a proxy. I ran this from Chrome: chrome://net-internals/#proxy and it returns a massive amounts of information. I copied and put my Domain Cert in /home/MyUserName/documents folder and even copied it to the /home/MyUserName/certs folder. I then ran:
$ sudo cp /home/UserName/certs/xx-xx-xx.crt /usr/share/ca-certificates/extra/xx-xx-xx.crt to install my domain cert.
But it stills returns ERROR: Get https://registry-1.docker.io/v2/: x509: certificate signed by unknown authority.
I am still very new to Ubuntu, running commands and only installed Docker/Cypon twice. Once was using a mobile hotspot so I never ran into this errors. As i am trying to learn, would you look over my commands and tell me if they are correct. Thanks
FCA69
commented
7 years ago Hello, you should try and check if you can access docker’s repo with a “curl” command; you can also try “docker pull” and “docker search”, because these commands use different certficates’ locations. If curl succeeds, you should try and use the same certificates’ location within docker. If not, there must be an issue with your certificates. And turning debug mode on might help too. Best regards.
De : uxlab9 [mailto:notifications@github.com] Envoyé : mercredi 5 juillet 2017 21:55 À : docker/toolbox Cc : Frédéric Castelain; Mention Objet : Re: [docker/toolbox] Docker run Hello-World error x509: certificate signed by unknown authority (#603)
I believe our company is using a proxy. I ran this from Chrome: chrome://net-internals/#proxy and it returns a massive amounts of information. I copied and put my Domain Cert in /home/MyUserName/documents folder and even copied it to the /home/MyUserName/certs folder. I then ran:
$ sudo cp /home/UserName/certs/xx-xx-xx.crt /usr/share/ca-certificates/extra/xx-xx-xx.crt to install my domain cert.
But it stills returns ERROR: Get https://registry-1.docker.io/v2/https://urldefense.proofpoint.com/v2/url?u=https-3A__registry-2D1.docker.io_v2_&d=DwMFaQ&c=B_xNwyI-4ygMhoSqrYJjrw&r=-do3pKbZyiuoSAiJ0qVNasy_bR0zbcHh8SgeK6e0JsU&m=vjnPBKIh1feUK6vrZ2IAlbA4C38ONRTWHFdQCD066zM&s=rYcusqsd6fJnl-1Lp73F2sD00kcO3HMIO7d_kpGD0f8&e=: x509: certificate signed by unknown authority.
I am still very new to Ubuntu, running commands and only installed Docker/Cypon twice. Once was using a mobile hotspot so I never ran into this errors. As i am trying to learn, would you look over my commands and tell me if they are correct. Thanks
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_docker_toolbox_issues_603-23issuecomment-2D313209006&d=DwMFaQ&c=B_xNwyI-4ygMhoSqrYJjrw&r=-do3pKbZyiuoSAiJ0qVNasy_bR0zbcHh8SgeK6e0JsU&m=vjnPBKIh1feUK6vrZ2IAlbA4C38ONRTWHFdQCD066zM&s=aCLzm3gqhez3BfNpHde3xxG1f6eYBGbFkE-jg12fJxA&e=, or mute the threadhttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_ANgcLDc5agMbhK3W0AVc4XuUgUJngcr8ks5sK-2DoqgaJpZM4LBn2F&d=DwMFaQ&c=B_xNwyI-4ygMhoSqrYJjrw&r=-do3pKbZyiuoSAiJ0qVNasy_bR0zbcHh8SgeK6e0JsU&m=vjnPBKIh1feUK6vrZ2IAlbA4C38ONRTWHFdQCD066zM&s=ZDgtxZ3Q7ogea4bz1LWyWtF7mfekxNPYafMbVDexmes&e=.
NOTICE: This e-mail (including any attachments) may contain information that is private, confidential or legally privileged information or material and is intended solely for the use of the addressee(s). If you receive this e-mail in error, please delete it from your system without copying it and immediately notify the sender(s) by reply e-mail. Any unauthorized use or disclosure of this message is strictly prohibited. STEF does not guarantee the integrity of this transmission and may therefore never be liable if the message is altered or falsified nor for any virus, interception or damage to your system.
AVIS : Ce message (y compris toutes pièces jointes) peut contenir des informations privées, confidentielles et est pour l'usage du(es) seul(s) destinataire(s). Si vous avez reçu ce message par erreur, merci d'en avertir l'expéditeur par retour d'email immédiatement et de procéder à la destruction de l'ensemble des éléments reçus, dont vous ne devez garder aucune copie. Toute diffusion, utilisation ou copie de ce message ou des renseignements qu'il contient par une personne autre que le(les) destinataire(s) désigné(s) est interdite. STEF ne garantit pas l'intégrité de cette transmission et ne saurait être tenu responsable du message, de son contenu, de toute modification ou falsification, d’une interception ou de dégâts à votre système.
uxlab9
commented
7 years ago After physical copying my domains certificate and my domains proxy certificate to: /home/MyUserName/certs folder. I ran: $ sudo cp /home/UserName/certs/xx-xx-xx.crt /usr/share/ca-certificates/extra/xx-xx-xx.crt to install my domain.crt and my domains proxy.pem It stills returns ERROR: Get https://registry-1.docker.io/v2/: x509: certificate signed by unknown authority.
So I ran: curl localhost:5000/v2/_catalog Return Error: Failed to connect to localhost port 5000
Then I confirm I had curl installed on Ubuntu. $ sudo apt-get install libcurl3
I even attempted to run $ /etc/pki/ca-trust/extracted/pem/xx_xxx.pem - That returned command not found.
I then ran just $ docker which informed me that "Trust certs signed only by this CA (default "home/MyUserName/.docker/ca.pem)
Thanks
jeanfredericplante
commented
7 years ago I had that exact same message and it was solved by properly configuring my docker daemon with my company's proxy. See Control and Configure Docker with systemd.
tcbabu
commented
6 years ago I had similar problem and I have installed docker form binaries on my LFS linux which I built. It was due to missing cacert.pem in /etc/ssl/certs/ . I got it from curl official website copied it to /etc/ssl/cert. My curl was built to look for there for 'ca certs' by default.
cchang62
commented
6 years ago I have the same issue while pulling images from public hubs of docker. But my environment is more complicated. I run docker machine in VM-Ubuntu16.04 and the VM's host is windows 10, which is behind a company proxy. It wasn't always failed to pull images. How can I avoid this error? Or can I use a self-signed certificate instead?
saumya-goyal
commented
5 years ago @FCA69 can you please explain some more about how did you add your corporation proxy's certificate at OS level?
jrtitus
commented
5 years ago @saumya-goyal Personally, I followed the steps in the accepted answer here and got it working:
cd /usr/local/share/ca-certificates/
sudo mkdir corp
sudo cp ~/{corporate-cert}.crt corp/
sudo update-ca-certificates
Updating certificates in /etc/ssl/certs...
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.I found that I didn't need to do the other two steps listed in FCA69's comment; I only needed to restart the docker service (sudo service docker restart) after installing the corporate proxy's certificate. docker login, docker search, and docker run hello-world are all successful.
I should mention I'm running this on Ubuntu 18.04.2
sumeetpareek
commented
5 years ago We had the same issue, and my team was able to solve it as below --
Where I work the network security team had put Zscalar in place, after which no network traffic from browsers, or command line, or docker worked.
osascript -e 'quit app "Docker"' and then after a while open -a Docker -- https://danielkorn.io/post/restart-docker-mac/
lispercat
commented
4 years ago @saumya-goyal Personally, I followed the steps in the accepted answer here and got it working:
cd /usr/local/share/ca-certificates/ sudo mkdir corp sudo cp ~/{corporate-cert}.crt corp/ sudo update-ca-certificates Updating certificates in /etc/ssl/certs... 1 added, 0 removed; done. Running hooks in /etc/ca-certificates/update.d... done.I found that I didn't need to do the other two steps listed in FCA69's comment; I only needed to restart the docker service (
sudo service docker restart) after installing the corporate proxy's certificate.docker login,docker search, anddocker run hello-worldare all successful.I should mention I'm running this on Ubuntu 18.04.2
Thanks, man! I was banging my head against the wall, since I installed all the certs. All I missed was the docker restart :) Big fat like from me!
Using the toolbox MINGW64 Bash command docker-machine ssh default then docker run hello-world
docker: Error while pulling image: Get https://index.docker.io/v1/repositories/library/hello-world/images: x509: certificate signed by unknown authority.Get the same error when running the same command with the MINGW64 Bash command line.
Also get the same error using MINGW64 with docker login and enter my userID and password:
This is a new install on Windows 7 Enterprise. No proxy or VPN being used. My docker versions are below:
Here is the docker.log
Ok here is what I don't understand, you can see in the beginning of the log it is using 0.0.0.0:2376 for the docker VM. When I run
docker-machine lsI see this:According boot2docker you are suppose to use hostname however it looks like two different IP addresses are being used. What should be used?