How to ignore certificate errors in Boot2Docker on Windows


Problem description

I have boot2docker 1.4.1 running on windows via virtualbox. I am behind a proxy that MITMs https certificates. I configured proxy by adding the following lines in /var/lib/boot2docker/profile:

export HTTP_PROXY=<proxyhost>:80
export HTTPS_PROXY=<proxyhost>:80
DOCKER_TLS=no
EXTRA_ARGS="--insecure-registry index.docker.io"

however when I run docker@boot2docker:~$ docker run hello-world I get

Unable to find image 'hello-world:latest' locally
Pulling repository hello-world
FATA[0006] Get https://index.docker.io/v1/repositories/library/hello-world/images
: x509: certificate signed by unknown authority

Please help me figure out the correct way to ignore certificate errors. Thanks!

Solution

Edit: Looks like the new docker only works on certain flavors of Windows 10. If you are still stuck on Windows 7, I have updated the below to reflect the steps I had to go through to correct the 'self signed certificate in certificate chain' error when I installed the latest version of docker-toolbox (Docker 1.11.2).


Finally got this working on Windows 7 following the answers here: https://github.com/boot2docker/boot2docker/issues/347

Check that this is your issue by running openssl s_client -showcerts:

docker@boot2docker:~$ openssl s_client -showcerts -CApath . -connect index.docker.io:443

(Edit: removed 32 from -showcerts and corrected host name)

In the certificate chain, you'll see the proxy has inserted itself and the verify returns an error something like this

Verify return code: 19 (self signed certificate in certificate chain)

If you have the same problem then give the steps below a try:

  1. First, save the certificate you need. Here are the steps to use in Firefox similar to https://stackoverflow.com/a/6966818/1981358 (Chrome and IE should also work using the Certificate Export Wizard; Note: on Windows, the PEM certificate encoding is called Base-64 encoded X.509 (.CER)):
    • In Firefox, go to https://hub.docker.com/
    • Click on the lock icon on the address bar to display the certificate
    • Click through "More Information" -> "Security" -> "View Certificate" -> "Details"
    • Select each node in the hierarchy beginning with the uppermost one, and click on "Export" and "Save" (select the X.509 Certificate (PEM) format)
    • Save the above files somewhere in your local drive, change the extension to .pem and move them to your user folder (or any other location accessible from ssh)
  2. Create a folder to hold the cert(s): docker@boot2docker:~$ sudo mkdir /var/lib/boot2docker/certs/
  3. Copy the cert file(s) to that location: docker@boot2docker:~$ sudo cp /c/Users/<username>/<folder>/<proxy-cert>.pem /var/lib/boot2docker/certs/
  4. Create the file /var/lib/boot2docker/bootlocal.sh and include the source from https://gist.github.com/irgeek/afb2e05775fff532f960 (I just created the file in Windows using Notepad++ and copied it to the correct location similar to the above step)
  5. Exit ssh and restart: C:\>docker-machine restart
  6. Open the shell docker-machine ssh and verify the changes worked: docker run hello-world

You should see output which contains something like:

Hello from Docker.
This message shows that your installation appears to be working correctly.
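
What a bootlocal.sh for step 4 can do, as an added example that is not the content of the linked gist and not code from the answer: it appends the proxy CA files saved under /var/lib/boot2docker/certs to the VM's CA bundle so that certificate verification stays enabled. The function names, the `--install` switch and the bundle path /etc/ssl/certs/ca-certificates.crt are assumptions.

```shell
#!/bin/sh
# Added example (not the gist's source): trust the proxy CA instead of
# disabling verification. Paths are assumptions; override via environment.
CERT_DIR="${CERT_DIR:-/var/lib/boot2docker/certs}"
CA_BUNDLE="${CA_BUNDLE:-/etc/ssl/certs/ca-certificates.crt}"

# Base64 body of the first certificate in a PEM file, flattened to one line.
pem_body() {
    awk '/-----BEGIN CERTIFICATE-----/ {f=1; next}
         /-----END CERTIFICATE-----/   {exit}
         f' "$1" | tr -d '\r\n '
}

# install_proxy_cas DIR BUNDLE: prints the number of certificates appended.
install_proxy_cas() {
    dir=$1 bundle=$2 added=0
    [ -f "$bundle" ] || : > "$bundle"
    for pem in "$dir"/*.pem; do
        [ -f "$pem" ] || continue            # glob matched nothing
        body=$(pem_body "$pem")
        if [ -z "$body" ] || ! grep -q -e '-----END CERTIFICATE-----' "$pem"; then
            echo "skip $pem: no complete PEM certificate block" >&2
            continue
        fi
        # Already in the bundle? Compare with line breaks removed on both sides.
        case "$(tr -d '\r\n ' < "$bundle")" in
            *"$body"*) continue ;;
        esac
        # Files saved on Windows often carry CRLF; strip CR before appending.
        { echo; tr -d '\r' < "$pem"; echo; } >> "$bundle"
        added=$((added + 1))
    done
    echo "$added"
}

# bootlocal.sh would call this script as root with --install.
if [ "${1:-}" = "--install" ]; then
    install_proxy_cas "$CERT_DIR" "$CA_BUNDLE"
fi
```

Before copying a file into the certs folder, compare the output of `openssl x509 -noout -fingerprint -sha256 -in <proxy-cert>.pem` with the fingerprint your proxy administrators publish, since every certificate signed by that CA will be accepted afterwards. A Docker daemon that is already running has to be restarted to pick up the new bundle.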
