docker / for-mac

Bug reports for Docker Desktop for Mac
https://www.docker.com/products/docker#/mac

Docker pull from private repo fails with: certificate signed by unknown authority #2185

Open cbrichford opened 6 years ago

cbrichford commented 6 years ago

Expected behavior

Docker for Mac should trust the certificate roots installed on my Mac.

Actual behavior

Docker pull fails with: Error response from daemon: Get https://repos.fbn.internal/v2/: x509: certificate signed by unknown authority

Information

Docker for Mac: version: 17.10.0-ce-mac36 (a38d9cd48bd0ee31ec82c59b783aa2f2817bfb92)
macOS: version 10.12.6 (build: 16G29)
logs: /tmp/4D2F8472-3006-48D7-91DA-20FE360AF516/20171030-095835.tar.gz
[OK]     db.git
[OK]     vmnetd
[OK]     dns
[OK]     driver.amd64-linux
[OK]     virtualization VT-X
[OK]     app
[OK]     moby
[OK]     system
[OK]     moby-syslog
[OK]     db
[OK]     env
[OK]     virtualization kern.hv_support
[OK]     slirp
[OK]     osxfs
[OK]     moby-console
[OK]     logs
[OK]     docker-cli
[OK]     menubar
[OK]     disk

Docker pull command: docker pull repos.fbn.internal/debian

Actual output:

Using default tag: latest
Error response from daemon: Get https://repos.fbn.internal/v2/: x509: certificate signed by unknown authority

Steps to reproduce the behavior

  1. Install Docker for Mac from the edge channel.
  2. Create a self-signed root certificate authority (you can find docs online on how to do this).
  3. Install the self-signed certificate into the system keychain on your Mac. Mark the certificate as fully trusted.
  4. Create a certificate for the private repo that is signed by your root certificate authority.
  5. Set up the Docker repo and install the certificate on the private repo.
  6. Attempt to docker pull/push to the private repo.

EMCP commented 6 years ago

Am I correct in reading the docs to mean that it is known that the OpenSSL on Mac is incompatible with Docker?

https://docs.docker.com/engine/security/certificates/#understanding-the-configuration

Is there a way to self-sign certificates for use with my apps inside a container?

docker-robott commented 6 years ago

Issues go stale after 90d of inactivity. Mark the issue as fresh with a /remove-lifecycle stale comment. Stale issues will be closed after an additional 30d of inactivity.

Prevent issues from auto-closing with an /lifecycle frozen comment.

If this issue is safe to close now please do so.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.

/lifecycle stale

Deviad commented 6 years ago

/lifecycle frozen

Deviad commented 6 years ago

/remove-lifecycle stale

Deviad commented 6 years ago

https://github.com/docker/machine/issues/4563 I opened this new issue