Import own CA root certificate into Docker container
You would need to pass the CA to the container and add it to the container trust list. This could be done at runtime (with the container action, such as a bash or PowerShell script, or running the container interactively) or by creating an updated image (with `docker build` on a Dockerfile or `docker commit` on a running container that has been modified to your need).
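The runtime option from the answer, as an added example that is not part of the original post: an entrypoint script that adds a mounted CA certificate to the container's trust list, then starts the real command. The mount path `/run/ca/ca.crt`, the `--run` argument and the file name `custom-root-ca.crt` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: trust a CA certificate that was mounted into the container.
# CA_FILE and OS_RELEASE defaults are assumptions, not from the original post.
CA_FILE="${CA_FILE:-/run/ca/ca.crt}"
OS_RELEASE="${OS_RELEASE:-/etc/os-release}"

# Print "<anchor dir> <update command>" for the distro family named in an
# os-release file (ID first, then each ID_LIKE entry).
trust_store_for() {
    ids=$( unset ID ID_LIKE; . "$1" 2>/dev/null; echo "${ID:-} ${ID_LIKE:-}" )
    for id in $ids; do
        case "$id" in
            rhel|centos|fedora)
                echo "/etc/pki/ca-trust/source/anchors update-ca-trust"; return 0 ;;
            debian|ubuntu|alpine)
                echo "/usr/local/share/ca-certificates update-ca-certificates"; return 0 ;;
        esac
    done
    return 1
}

# Structural check only: the file must hold exactly one PEM certificate, so a
# bundle or an unrelated file is not added to the trust list by accident.
is_single_pem_cert() {
    [ -r "$1" ] || return 1
    [ "$(grep -c -- '-----BEGIN CERTIFICATE-----' "$1")" -eq 1 ] &&
    [ "$(grep -c -- '-----END CERTIFICATE-----' "$1")" -eq 1 ]
}

install_ca() {
    is_single_pem_cert "$CA_FILE" || { echo "not a single PEM cert: $CA_FILE" >&2; return 1; }
    store=$(trust_store_for "$OS_RELEASE") || { echo "unsupported distro" >&2; return 1; }
    dir=${store% *}; cmd=${store#* }
    # update-ca-certificates only picks up files whose name ends in .crt
    cp "$CA_FILE" "$dir/custom-root-ca.crt" && "$cmd"
}

# As an entrypoint: "<script> --run <command...>" installs the CA, then
# replaces this shell with the real command.
if [ "${1:-}" = "--run" ]; then
    shift
    install_ca && exec "$@"
fi
```

The script has to run as root inside the container, and the image needs its distribution's `ca-certificates` tooling installed. Mounting the certificate read-only (`-v <host path>:/run/ca/ca.crt:ro`) keeps the container from altering the host's copy.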
mrik974
Updated on September 18, 2022
Comments
-
mrik974 almost 2 years
I use a FreeIPA server on a CentOS machine. It also works as a Certification Authority.
A few HTTP services are running with certificates issued by FreeIPA and everything works well.
I have another CentOS server, connected to my domain, that has the FreeIPA root certificate set up correctly. When I `curl https://freeipa.example.com` directly from that server I encounter no issue.
But this server also runs Docker containers, that seem to have issues to connect to the httpd servers running with my FreeIPA certificates.
When I run `curl https://freeipa.example.com` I have the following issue: `curl: (60) SSL certificate problem: unable to get local issuer certificate`.
It seems that Docker doesn't care about the root certificate that is set up on the CentOS server to connect to FreeIPA.
How can I solve this issue?
-
duct_tape_coder over 5 years
If I'm understanding correctly, the docker host trusts the certificate but the container does not? If so, you would need to pass the CA to the container and add it to the container trust list. This could be done at runtime or by creating an updated image.
-
mrik974 over 5 years
You're correct. I found that afterwards, but I'll let you make an answer of it :).
-