We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
我们在构建 docker 镜像时一般使用的是 alpine linux 系统,默认是不带 ca-certificates 根证书的,导致无法识别外部 https 携带的数字证书。
docker
alpine linux
ca-certificates
那么,在访问的时候就会抛出 x509: certificate signed by unknown authority 的错误,导致 docker 容器的接口服务返回 500。
x509: certificate signed by unknown authority
500
为了解决证书验证的问题,我们要在构建 docker 镜像的时候把 ca-certificates 根证书给装上,这样就能识别来自外部 https 的数字证书了。
https
在编辑 Dockerfile 的时候加入以下命令即可:
Dockerfile
RUN apk --no-cache add ca-certificates \ && update-ca-certificates
如果不想重新构建镜像的话,可以直接进入容器:
$ docker exec -it '容器ID或容器名称' bash
然后执行安装根证书命令:
$ apk --no-cache add ca-certificates && update-ca-certificates
出现以下警告,可以忽略:
WARNING: ca-certificates.crt does not contain exactly one certificate or CRL: skipping
然后重启容器即可:
$ docker restart '容器ID或容器名称'
The text was updated successfully, but these errors were encountered:
No branches or pull requests
docker 访问外部 https 的数字证书验证问题
我们在构建
docker镜像时一般使用的是alpine linux系统,默认是不带ca-certificates根证书的,导致无法识别外部 https 携带的数字证书。那么,在访问的时候就会抛出
x509: certificate signed by unknown authority的错误,导致docker容器的接口服务返回500。为了解决证书验证的问题,我们要在构建
docker镜像的时候把ca-certificates根证书给装上,这样就能识别来自外部https的数字证书了。在编辑
Dockerfile的时候加入以下命令即可:RUN apk --no-cache add ca-certificates \ && update-ca-certificates如果不想重新构建镜像的话,可以直接进入容器:
然后执行安装根证书命令:
$ apk --no-cache add ca-certificates && update-ca-certificates出现以下警告,可以忽略:
然后重启容器即可:
$ docker restart '容器ID或容器名称'The text was updated successfully, but these errors were encountered: