osx - docker login fails -> x509: certificate signed by unknown authority .. "crypto/rsa: verification error"


I have created a private Docker registry fronted by nginx. nginx terminates SSL.

I am obfuscating the domain using my-domain.com for the purpose of this question.

I am using OSX 10.10.3, which has boot2docker installed. It should be noted that the workflow of Vagrant + CoreOS + Docker shouldn't involve boot2docker, since I am having issues within the VM (CoreOS) and not the host (OSX).

I am using Vagrant to spin up a local CoreOS VM box. I SSH into the instance of the VM and attempt to issue the following command:

$ docker login docker.my-domain.com 

I am prompted for username, password, and email as expected, and I supply the details.

Note: I am able to issue the above command in the host OS (OSX) as expected and am able to log in (it generates a ~/.dockercfg file).

I get the following error:

FATA[0008] Error response from daemon: v1 ping attempt failed with error: Get https://docker.my-domain.com/v1/_ping: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "*.my-domain.com"). If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry docker.my-domain.com` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/docker.my-domain.com/ca.crt

I have copied over the ca.crt I am using for self-signing. I can confirm that CoreOS is able to connect to the server over SSL. I ran the command

openssl s_client -CAfile /etc/docker/certs.d/docker.my-domain.com/ca.crt -connect docker.my-domain.com:443

and got the expected 'Verify return code: 0 (ok)'. This leads me to believe Docker seems to be having the problem.

$ docker version (from within the CoreOS VM)
Client version: 1.6.1-rc2
Client API version: 1.18
Go version (client): go1.4.2
Git commit (client): 17f157d-dirty
OS/Arch (client): linux/amd64
Server version: 1.6.1-rc2
Server API version: 1.18
Go version (server): go1.4.2
Git commit (server): 17f157d-dirty
OS/Arch (server): linux/amd64

After this, I'm not sure what I need to try next. Any help is appreciated!

This turned out to be a 2 part issue. The first issue was that when I placed the certificate file (ca.crt) in the relative /etc/ssl/certs/ folder, I didn't rename the original file to have a .pem extension. This meant that when I ran update-ca-certificates to install the custom certificate on the client machine, it wasn't getting recognized. This was hiding the second and main issue.

I wasn't using the correct certificate file. Once I used the correct certificate file, renamed the file to have a .pem extension, ran update-ca-certificates, and issued the login command, it worked.

I assume I must have installed the correct version of the cert correctly on the host OSX machine, which is why it worked there but not in the VM.
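
The "wrong certificate file" case, reproduced with Go's crypto/x509 (the library whose error text appears in the message above). This is an added example, not code from the original post: it assumes the wrong ca.crt carried the same subject name as the served certificate but a different key, and both certificates here are constructed for the demonstration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // panic on error; keeps the example short
	if err != nil {
		panic(err)
	}
	return v
}

// selfSigned returns a new self-signed CA certificate for cn with a fresh RSA key.
func selfSigned(cn string) *x509.Certificate {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: cn},
		DNSNames:              []string{cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
		IsCA:                  true,
		BasicConstraintsValid: true,
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return must(x509.ParseCertificate(der))
}

// verifyAgainst trusts only ca (the role of ca.crt) and verifies served for host.
func verifyAgainst(ca, served *x509.Certificate, host string) error {
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	_, err := served.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err
}

func main() {
	served := selfSigned("*.my-domain.com") // constructed: what the registry presents
	stale := selfSigned("*.my-domain.com")  // constructed: same name, different key
	fmt.Println("correct ca.crt:", verifyAgainst(served, served, "docker.my-domain.com"))
	fmt.Println("wrong ca.crt:  ", verifyAgainst(stale, served, "docker.my-domain.com"))
}
```

The verifier picks the trusted certificate as a candidate issuer because the names match, then fails the signature check, which is why the error names "*.my-domain.com" as the candidate authority.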

