(Wildcard?) Registry certificate CA issues OSX / Virtualbox #805
Comments
Did you try pointing at a copy of your CA cert file with
There are lots of issues and bug reports in the Docker ecosystem for this issue affecting various tools, but here's one I found: moby/moby#3946. I also recall a good discussion on one of the Docker Machine issues about possible workarounds.
Here it is: docker/machine#491 (comment)
Thanks for your replies. I don’t think the cross-compilation is to blame, since all of the commands above were run inside the boot2docker VM. But still, it’s good to know that could be an issue. I’ll go read the threads you linked and see if I can find a suitable workaround. Thanks.
Complicating matters is that I’m running boot2docker in virtualbox to build a generic solution for the rest of the company. I have both CentOS 7 & boot2docker running in Parallels VMs configured via Vagrant, and neither one exhibits this behavior. It’s maddening! (This is why I posted an issue in this repo: it seems specific to the specific boot2docker install)
Add your CA cert to /etc/ssl/certs/ca-certificates.crt. You must create an executable /var/lib/boot2docker/bootlocal.sh script:
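One way to write the boot script described in the comment above, as an added example that is not code from this thread or from the boot2docker project. `CA_SRC` is an assumed location for a copy of the CA certificate on the persistent partition, and the `append_ca` helper is hypothetical; the append is skipped when the certificate is already in the bundle, so the script is safe to run by hand as well as at boot.

```shell
#!/bin/sh
# Sketch of /var/lib/boot2docker/bootlocal.sh (added example, not from the thread).
# CA_SRC is an assumed path on the persistent partition; adjust to your setup.
CA_SRC=/var/lib/boot2docker/registry-ca.pem
BUNDLE=/etc/ssl/certs/ca-certificates.crt

# append_ca BUNDLE CA_PEM
# Appends the PEM file to the bundle unless it is already there.
# Returns 0 on success or no-op, 1 if the CA file is unusable.
append_ca() {
    bundle=$1
    ca=$2
    if [ ! -s "$ca" ]; then
        echo "append_ca: missing or empty CA file: $ca" >&2
        return 1
    fi
    # The first base64 line after the BEGIN marker identifies the certificate
    # well enough to detect a previous append.
    marker=$(sed -n '/^-----BEGIN CERTIFICATE-----/{n;p;q;}' "$ca")
    if [ -z "$marker" ]; then
        echo "append_ca: no PEM certificate found in $ca" >&2
        return 1
    fi
    if [ -f "$bundle" ] && grep -qF -- "$marker" "$bundle"; then
        return 0
    fi
    # Leading blank line guards against a bundle without a trailing newline.
    { echo; cat "$ca"; } >> "$bundle"
}

# Only act when the CA file has actually been provisioned.
if [ -f "$CA_SRC" ]; then
    append_ca "$BUNDLE" "$CA_SRC"
fi
```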
This is essentially (@rossbachp's advice) what #807 does. Neither Docker 1.5 nor 1.6 seems to use the certs in
I needed to update my docker daemon options, like so:
to work with docker and docker-compose, also the trailing slash seems to be required since docker 1.6.
I know I must be missing something obvious, but I cannot docker login to a private registry using a non-standard (wildcard, Comodo EssentialSSL) SSL/TLS certificate.
I installed boot2docker & Virtualbox via the OSX Boot2Docker-1.5.0.pkg installer.
[Also: I know these files will be blown away on reboot. My goal was to get it working then get it repeatable, however if there is a better way to solve both issues simultaneously, I’d love to know]
All of the solutions I can find online are either A) for a debian VM/host, B) dangerously tell the user to just turn off SSL certificate validation with `--insecure-registry` or C) both.

I have placed the Comodo EssentialSSL CA bundle in the appropriate location and it does not seem to help.
Before:
That’s to be expected. However, after I add the CA bundle, I get a pruned error message (interestingly with a different error code):
Just to confirm the bundle is correct, curl is happy to use it:
Without the CA bundle:
And with it:
So that suggests to me that the bundle is not incorrect, but I am at a loss for where to go next.