如何在 docker 镜像中添加 CA 根证书? [英] How do I add a CA root certificate inside a docker image?
问题描述
我正在 Ubuntu 14.04 上的 Docker 1.13.1 容器中运行 ASP.NET Core 1.1 Web API.
I am running an ASP.NET Core 1.1 Web API in a Docker 1.13.1 container on Ubuntu 14.04.
当代码尝试从 HTTPS 服务器检索某些数据时,我收到此证书身份验证错误:
When the code attempts to retrieve some data from an HTTPS server, I get this certificate authentication error:
An error occurred while sending the request. ---> System.Net.Http.CurlException: Peer certificate cannot be authenticated with given CA certificates
at System.Net.Http.CurlHandler.ThrowIfCURLEError(CURLcode error)
at System.Net.Http.CurlHandler.MultiAgent.FinishRequest(StrongToWeakReference`1 easyWrapper, CURLcode messageResult)
HTTPS 服务器是由我们公司 CA 签署的内部证书,所以我知道我可能需要注册内部 CA.
The HTTPS server is internal with certificate signed by our corporate CA, so am aware that I may need to register the internal CA.
到目前为止,我发现的关于此错误的所有信息和 Docker 都在谈论让 docker 本身运行,连接到 repos 等.我的 Docker 工作正常,Web API 在容器外的 Ubuntu 服务器上运行没有问题.
Everything I've found so far about this error and Docker talks to getting docker itself running, connecting to repos etc. My Docker is working fine, and the Web API runs on the Ubuntu server outside of the container without a problem.
1) 我需要在 docker 镜像中添加 CA 根证书吗?
1) Do I need to add a CA root certificate inside a docker image?
2) 如果是这样,我该怎么做?
2) If so, how do I do it?
3) 如果没有,我该如何解决?
3) If not, how do I fix this?
推荐答案
该任务本身并不特定于 docker,因为您也需要在普通系统上添加该 CA.askubuntu 社区 上有关于如何执行此操作的答案.
The task itself is not specific to docker as you would need to add that CA on a normal system too. There is an answer on the askubuntu community on how to do this.
因此,在 Dockerfile 中,您将执行以下操作(不要忘记 chmod如果您使用 root 以外的用户运行容器):
So in a Dockerfile you would do the following (don't forget chmod in case you're running the container with a user other than root):
ADD your_ca_root.crt /usr/local/share/ca-certificates/foo.crt
RUN chmod 644 /usr/local/share/ca-certificates/foo.crt && update-ca-certificates
这篇关于如何在 docker 镜像中添加 CA 根证书?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
