Unable to connect do a https repository with enterprise CA certificate. #483
Comments
|
enable this in the settings.json of JSCode: |
|
I have the same issue. However, I'm using mkcert) as a very simple to setup internal CA. I thought it worth mentioning here, in case you need an easy way to get an "enterprise CA" going to dev/test this issue. |
|
Thanks. I assume you have your certificate in the Windows certificate store? |
|
Yes. Certificate is in the windows cert store. |
|
Please note that setting http.proxyStrictSSL=false is not recommended due to security reasons. |
|
@aarongilliland @SebastianSchuette @grhm @MiguelTVMS @a5hw4nth Would one of you be willing to try a private drop and see if it fixes the issue? I'm having a hard time setting this up properly myself to test... Just go to https://dev.azure.com/ms-azuretools/AzCode/_build/results?buildId=376&view=logs, click on Artifacts, download the VSIX, and use F1-> Install from VSIX in vscode. |
|
@StephenWeatherford Just tried that build and I'm still seeing the "unable to verifiy the first certificate" error. The certificate is in my Windows certificate store, and going to https://<my_ip>:<my_port>/v2/_catalog in Edge works and shows root and server certificates as trusted. |
@StephenWeatherford I thought I'd try and make it easier for you to set up a registry yourself - so I've created a repo grhm/testRegistry that has a couple of scripts to setup a local dev CA and to create certs. There is also a docker-compose.yml to run a registry with certificates, and a script to uninstall the CA and leave your machine as before. Hopefully, that'll help someone work out whats going on. |
|
Wow, appreciate that. Will try it out. |
|
@grhm That was immensely helpful, thanks! Could you try this one? https://dev.azure.com/ms-azuretools/AzCode/_build/results?buildId=462&view=logs |
|
@StephenWeatherford I've installed the vsix from that build 462 drop, and I can now connect to my registry with an internal CA. So works for my use case. |
|
Great, appreciate the help! |
|
@MiguelTVMS @ya5hw4nth @grhm Could you please try the new functionality for https://github.com/microsoft/vscode-docker#self-signed-and-corporate-certificates and see if that works for you? Thanks! |
|
@StephenWeatherford, it's working fine. Thanks a lot. |
I'm trying to connect to a private repository that uses a https certificate signed by our enterprise CA. My docker does to login command correctly with this repository and and CA certificate is in windows certificate store. One more informations this repository works fine and it's not in the insecure registry settings in my docker.
Action: vscode-docker.connectCustomRegistry
Error type: RequestError
Error Message: Error: unable to verify the first certificate
Version: 0.2.0
OS: win32
The text was updated successfully, but these errors were encountered: