如何在docker映像中添加CA根证书? [英] How do I add a CA root certificate inside a docker image?

查看:881
本文介绍了如何在docker映像中添加CA根证书?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在Ubuntu 14.04上的Docker 1.13.1容器中运行ASP.NET Core 1.1 Web API.

I am running an ASP.NET Core 1.1 Web API in a Docker 1.13.1 container on Ubuntu 14.04.

当代码尝试从HTTPS服务器检索某些数据时,我收到此证书身份验证错误:

When the code attempts to retrieve some data from an HTTPS server, I get this certificate authentication error:

 An error occurred while sending the request. ---> System.Net.Http.CurlException: Peer certificate cannot be authenticated with given CA certificates
   at System.Net.Http.CurlHandler.ThrowIfCURLEError(CURLcode error)
   at System.Net.Http.CurlHandler.MultiAgent.FinishRequest(StrongToWeakReference`1 easyWrapper, CURLcode messageResult)

HTTPS服务器是内部的,具有由公司CA签名的证书,因此请注意,我可能需要注册内部CA.

The HTTPS server is internal with certificate signed by our corporate CA, so am aware that I may need to register the internal CA.

到目前为止,我已经找到了关于此错误的所有信息,并且Docker谈到了使Docker本身运行,连接到存储库等问题.我的Docker工作正常,并且Web API在容器外部的Ubuntu服务器上运行没有问题.

Everything I've found so far about this error and Docker talks to getting docker itself running, connecting to repos etc. My Docker is working fine, and the Web API runs on the Ubuntu server outside of the container without a problem.

1)我需要在Docker映像中添加CA根证书吗?

1) Do I need to add a CA root certificate inside a docker image?

2)如果是,该怎么办?

2) If so, how do I do it?

3)如果没有,我该如何解决?

3) If not, how do I fix this?

推荐答案

任务本身并不特定于docker,因为您也需要在普通系统上添加该CA. askubuntu社区上有关于如何执行此操作的答案.

The task itself is not specific to docker as you would need to add that CA on a normal system too. There is an answer on the askubuntu community on how to do this.

因此,在 Dockerfile 中,您将执行以下操作(不要忘记chmod如果您使用root以外的用户运行容器):

So in a Dockerfile you would do the following (don't forget chmod in case you're running the container with a user other than root):

ADD your_ca_root.crt /usr/local/share/ca-certificates/foo.crt
RUN chmod 644 /usr/local/share/ca-certificates/foo.crt && update-ca-certificates

这篇关于如何在docker映像中添加CA根证书?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆