/moby

docker run hello-world => Get https://index.docker.io/v1/repositories/library/hello-world/images: x509: certificate signed by unknown authority #11876

Closed
oren opened this Issue Mar 27, 2015 · 3 comments

Comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@oren
@oren

oren commented Mar 27, 2015

I am on Ubuntu 14.10. I am not using boot2docker. Any clues for resolving it would be appreciated!

docker run hello-world

Unable to find image 'hello-world:latest' locally
Pulling repository hello-world
FATA[0000] Get https://index.docker.io/v1/repositories/library/hello-world/images: x509: certificate signed by unknown authority

docker version

Client version: 1.5.0
Client API version: 1.17
Go version (client): go1.4.1
Git commit (client): a8a31ef
OS/Arch (client): linux/amd64
Server version: 1.5.0
Server API version: 1.17
Go version (server): go1.4.1
Git commit (server): a8a31ef

docker info

Containers: 7
Images: 800
Storage Driver: aufs
 Root Dir: /var/lib/docker/aufs
 Backing Filesystem: extfs
 Dirs: 814
Execution Driver: native-0.2
Kernel Version: 3.16.0-31-generic
Operating System: Ubuntu 14.10
CPUs: 4
Total Memory: 7.68 GiB
Name: oren
ID: KF2M:UGKG:QTGT:TYXH:P6QQ:QVSI:5AYE:T5I3:KLEA:QCKN:7XUW:3FOG
Username: ogolan
Registry: [https://index.docker.io/v1/]
WARNING: No swap limit support

openssl s_client -showcerts -verify 32 -CApath . -connect index.docker.io:443

CONNECTED(00000003)

---
Certificate chain
 0 s:/OU=GT98568428/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=*.docker.io
   i:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
-----BEGIN CERTIFICATE-----
MIIEpDCCA4ygAwIBAgIDAyF3MA0GCSqGSIb3DQEBCwUAMEcxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMSAwHgYDVQQDExdSYXBpZFNTTCBTSEEy
NTYgQ0EgLSBHMzAeFw0xNTAzMTkxNzM0MzJaFw0xODA0MjEwMTUxNTJaMIGPMRMw
EQYDVQQLEwpHVDk4NTY4NDI4MTEwLwYDVQQLEyhTZWUgd3d3LnJhcGlkc3NsLmNv
bS9yZXNvdXJjZXMvY3BzIChjKTE1MS8wLQYDVQQLEyZEb21haW4gQ29udHJvbCBW
YWxpZGF0ZWQgLSBSYXBpZFNTTChSKTEUMBIGA1UEAwwLKi5kb2NrZXIuaW8wggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRyme75dbw9AxWZ8QFCwMWrrYY
SclZ6HCiEbxSNxHgg08rEfEYi46VrL+joBwlA0t5WIIxHF198NzzdXC4YeGzruY9
7osv5lPrcdeIi+Ad+fY6K0rBBOB3xdqSPPObrINZpDmWhCQjlsnM6a1Th0oSUCjI
345b84/8PH363YO+Qmnl8BWnaTcZoPzeywM9czQsMyF2bOH+dhxja/zim6iu8W34
yBhVQeQRd1QROuHcsQAX19DKTn6TXaAwIBY3xM1Bi5Zl6tueII4dOEoibw/ImR3c
H73Pk7j1Wx+rAXeeq7LwjkUCCSlKNrHFEQ2nbr0R7FH6cck1ppgM8ud1pHr9AgMB
AAGjggFOMIIBSjAfBgNVHSMEGDAWgBTDnPP800YINLvORn+gfFvz4gjLWTBXBggr
BgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9ndi5zeW1jZC5jb20wJgYI
KwYBBQUHMAKGGmh0dHA6Ly9ndi5zeW1jYi5jb20vZ3YuY3J0MA4GA1UdDwEB/wQE
AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwIQYDVR0RBBowGIIL
Ki5kb2NrZXIuaW+CCWRvY2tlci5pbzArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8v
Z3Yuc3ltY2IuY29tL2d2LmNybDAMBgNVHRMBAf8EAjAAMEEGA1UdIAQ6MDgwNgYG
Z4EMAQIBMCwwKgYIKwYBBQUHAgEWHmh0dHBzOi8vd3d3LnJhcGlkc3NsLmNvbS9s
ZWdhbDANBgkqhkiG9w0BAQsFAAOCAQEATYgwOYz/w9Qyh/YPZQDZ0BdwhkX6OCX0
Mz8pP/OO+E+1RM7ZoAGwHvIaidFqh3WeCLHjGO2IId7Ff5EZUwZhiwog0R7Y838x
OCLza/2shuvjM/FPiyXDQ6q0w4rvpwsNjmYVDdYD8bCH3b8IlO2ysjgdhRYprsdU
jg6h+zK11/tXf6S5vegrgV0F62DYx0tuTTZq/HMuXvbgY2uL1sQ5jiHlzQndV9oL
YMYqJP5MkuAKzDL5u0b8mD/EHtoPkfWOIsA5i9YrAAoWRVOJHwfFfgSY+EpXpFc4
AZUPmdZGh6q1YNavRoOL/1D5aP/VBBtofj54uMbKOK8q6vxIXSyzaw==
-----END CERTIFICATE-----
 1 s:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
-----BEGIN CERTIFICATE-----
MIIEJTCCAw2gAwIBAgIDAjp3MA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
YWwgQ0EwHhcNMTQwODI5MjEzOTMyWhcNMjIwNTIwMjEzOTMyWjBHMQswCQYDVQQG
EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXUmFwaWRTU0wg
U0hBMjU2IENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv
VJvZWF0eLFbG1eh/9H0WA//Qi1rkjqfdVC7UBMBdmJyNkA+8EGVf2prWRHzAn7Xp
SowLBkMEu/SW4ib2YQGRZjEiwzQ0Xz8/kS9EX9zHFLYDn4ZLDqP/oIACg8PTH2lS
1p1kD8mD5xvEcKyU58Okaiy9uJ5p2L4KjxZjWmhxgHsw3hUEv8zTvz5IBVV6s9cQ
DAP8m/0Ip4yM26eO8R5j3LMBL3+vV8M8SKeDaCGnL+enP/C1DPz1hNFTvA5yT2AM
QriYrRmIV9cE7Ie/fodOoyH5U/02mEiN1vi7SPIpyGTRzFRIU4uvt2UevykzKdkp
YEj4/5G8V1jlNS67abZZAgMBAAGjggEdMIIBGTAfBgNVHSMEGDAWgBTAephojYn7
qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUw5zz/NNGCDS7zkZ/oHxb8+IIy1kwEgYD
VR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwNQYDVR0fBC4wLDAqoCig
JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMC4GCCsGAQUF
BwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDovL2cuc3ltY2QuY29tMEwGA1UdIARF
MEMwQQYKYIZIAYb4RQEHNjAzMDEGCCsGAQUFBwIBFiVodHRwOi8vd3d3Lmdlb3Ry
dXN0LmNvbS9yZXNvdXJjZXMvY3BzMA0GCSqGSIb3DQEBCwUAA4IBAQCjWB7GQzKs
rC+TeLfqrlRARy1+eI1Q9vhmrNZPc9ZE768LzFvB9E+aj0l+YK/CJ8cW8fuTgZCp
fO9vfm5FlBaEvexJ8cQO9K8EWYOHDyw7l8NaEpt7BDV7o5UzCHuTcSJCs6nZb0+B
kvwHtnm8hEqddwnxxYny8LScVKoSew26T++TGezvfU5ho452nFnPjJSxhJf3GrkH
uLLGTxN5279PURt/aQ1RKsHWFf83UTRlUfQevjhq7A6rvz17OQV79PP7GqHQyH5O
ZI3NjGFVkP46yl0lD/gdo0p0Vk8aVUBwdSWmMy66S6VdU5oNMOGNX2Esr8zvsJmh
gP8L8mJMcCaY
-----END CERTIFICATE-----

---
Server certificate
subject=/OU=GT98568428/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=*.docker.io
issuer=/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3

---
No client certificate CA names sent

---
SSL handshake has read 2919 bytes and written 431 bytes

---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 656A100E5969F5D2476ADF1ABCFDDB099BDCECD502141827A2B85921E20F7E4F
    Session-ID-ctx: 
    Master-Key: F28B62F3470653E4676F9B19F87F92B0FBB445E06445CDA610BE22A92442FCB74A65EABDB96840CBFE93648656BE4CCA
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 46 67 d2 9f ec 85 75 2e-8f 18 0e c9 31 55 c7 73   Fg....u.....1U.s
    0010 - 3b f8 e8 fe 80 17 9f f5-b9 c8 f0 9b 8d 0f 30 9a   ;.............0.
    0020 - 32 94 6b 3b ef 8d 53 61-11 3f 7c 5c 19 32 a5 7b   2.k;..Sa.?|\.2.{
    0030 - 13 09 a2 5f 08 27 11 b6-f6 d8 a6 30 1b bf da 76   ..._.'.....0...v
    0040 - 91 96 a7 cd 00 85 3e db-64 66 8b 41 a2 5b 27 77   ......>.df.A.['w
    0050 - 77 62 e3 ab 5e 2c 37 ca-f7 39 2c 6e db 31 9a 3e   wb..^,7..9,n.1.>
    0060 - 14 3e c7 9d 25 8b 27 05-45 41 d7 55 88 7f 48 7e   .>..%.'.EA.U..H~
    0070 - ff e5 c9 db a6 ae ca 8c-a0 bc b9 3f f3 2f a8 9f   ...........?./..
    0080 - 9e bd 92 0e 48 30 d4 58-48 81 9a d8 24 9b ed 5c   ....H0.XH...$..\
    0090 - 59 f1 a6 ca 47 89 76 12-18 25 22 4a b4 d9 23 fc   Y...G.v..%"J..#.

    Start Time: 1427480536
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)

---

@oren oren referenced this issue Mar 27, 2015

Closed

failed to parse certificate from server: x509: negative serial number #6474

@oren

oren commented Mar 28, 2015

Also I can't clone anything from github:
git clone https://github.com/sdelements/lets-chat.git

Cloning into 'lets-chat'...
fatal: unable to access 'https://github.com/sdelements/lets-chat.git/': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
@oren

oren commented Mar 28, 2015

I also can't update my ubuntu: (14.10)

apt-get update

Failed to fetch https://get.docker.com/ubuntu/dists/docker/main/binary-amd64/Packages  server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none.
@oren

oren commented Mar 28, 2015

My ca certificates were missing from /usr/share/ca-certificates/*
I solved it with this command: update-ca-certificates -f.

More details: http://stackoverflow.com/questions/29319538/issue-with-my-ca-certificates-crt/29319873#29319873

@oren oren closed this Mar 28, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment