The Docker Toolbox assumes SSL (https) to connect to a registry. However, if the certificate is signed by an unknown authority it will fail with this error: certificate signed by unknown authority
. Putting your company’s internal certs in the cert store that Docker uses should fix this, however, many attempts to do so were unsuccessful. There isn’t clear documentation on how to do this for OS X (El Capitan v10.11.2) that I could find.
As a workaround, you can specify that Docker should use an insecure registry with a flag. In an earlier version of Docker where Boot2Docker was used, I ended up finding I could run the following command to use an insecure registry (yes, I know this is dangerous but it’s an internal registry and not accessible to the outside world).
boot2docker ssh "echo $'EXTRA_ARGS=\"--insecure-registry myinternaldockerregistry.org\"' | sudo tee -a /var/lib/boot2docker/profile && sudo /etc/init.d/docker restart"
With updates to Docker for OS X this no longer worked. However, this did:
docker-machine ssh default "echo $'EXTRA_ARGS=\"--insecure-registry myinternaldockerregistry.org\"' | sudo tee -a /var/lib/boot2docker/profile && sudo /etc/init.d/docker restart"
Hope this helps someone else. If anyone knows how to get Docker to recognize internal certs please do share.
hey, if you don’t want to use your company certs but still want “trusted”, the EFF’s cert autority is now expanded to a public beta – https://letsencrypt.org/