Fedora, docker and self-signed SSL certs

I am behind a company firewall with a man-in-the-middle SSL certificate for secure connections. Can’t have viruses over SSL, can we?

But apps which actually verify SSL connections (which is all of the apps using standard SSL/TLS/whatnot libs) do not like this. And rightfully so. But then we’re left with the following problem:

$ docker search test
FATA[0000] Error response from daemon: GEt x509: certificate signed by unknown authority

Now, to solve this on Fedora we do the following (all as root):

  • get a file with the signing certificate as PEM or DER format
  • place this file under /etc/pki/ca-trust/source/anchors
  • run “update-ca-trust extract”
  • restart docker (“systemctl restart docker.service”)

A “man update-ca-trust” is also helpful to understand what’s happening.



Leave a Reply

Your email address will not be published. Required fields are marked *