Closed DaveB93 closed 2 years ago
Thanks for the report, we'll have a look.
Issues go stale after 90 days of inactivity.
Mark the issue as fresh with /remove-lifecycle stale comment.
Stale issues will be closed after an additional 30 days of inactivity.
Prevent issues from auto-closing with an /lifecycle frozen comment.
If this issue is safe to close now please do so.
Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle stale
/remove-lifecycle stale
Closed issues are locked after 30 days of inactivity. This helps our team focus on active issues.
If you have found a problem that seems similar to this, please open a new issue.
Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows. /lifecycle locked
Actual behavior
My IT department has put in a firewall, which is deliberately doing a MITM attack for SSL requests. If I try to install Docker containers or Kubernetes without putting exceptions in the firewall, Docker gets an error because of the self-signed certificate. Inside my own containers, I can add the firewall's CA cert and run update-ca-certificates, and they work, but even though your documentation seems to indicate you're doing this as well, it does not seem to be working. It looks like if you update wget to the latest BusyBox version, you can tell it to use OpenSSL on the system, which would allow this to work.
from AppData\local\docker\log.txt
Expected behavior
There should be a way to add trusted CA certs to Docker Desktop, so that it can work behind a firewall.
E.g., adding a trusted certificate to the Windows certificate store and restarting Docker Desktop should bring the certificates into Docker Desktop, and Docker Desktop's wget should use those certificates.
Information
According to https://docs.docker.com/docker-for-windows/#how-do-i-add-custom-ca-certificates it's implied that if I have a certificate in my Windows trust store, it will be added to the CA certs for Docker Desktop. This doesn't seem to be the case; however, I do see the desired certificates in C:\Users\~\AppData\Local\Docker\vm-config. The version of BusyBox wget in Docker Desktop does not have OpenSSL support to use the system certificate store.
Server: Docker Engine - Community
 Engine:
  Version:          20.10.5
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.13.15
  Git commit:       363e9a8
  Built:            Tue Mar 2 20:15:47 2021
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.4.4
  GitCommit:        05f951a3781f4f2c1911b05e61c160e9c30eaa8e
 runc:
  Version:          1.0.0-rc93
  GitCommit:        12644e614e25b05da6fd08a38ffa0cfe1903fdec
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0