x509：由未知权限签署的证书 - 无论是docker还是github [英] x509: certificate signed by unknown authority - both with docker and with github

问题描述

docker build -t oreng / iojs。

  INFO [ 0000]获取https://index.docker.io/v1/repositories/library/iojs/images：x509：由不明权限签名的证书。 
  

我的Dockerfile是

  FROM iojs：最新
 RUN useradd -ms / bin / bash开发人员
 WORKDIR / home /开发人员
 USER开发人员
  / pre> 
 
 
另外 hub创建（使用 https://github.com/github/hub ）
 发布https ：//api.github.com/user/repos：x509：由未知权限签署的证书
  
 
 
解决方案
如  crypto / x509 / root_unix.go  ，Go（这是Docker使用的）将在
 / etc / ssl / certs / ca-certificates.crt，// Debian / Ubuntu / Gentoo等
/etc/pki/tls/certs/ca-bundle.crt，/ / Fedora / RHEL 
/etc/ssl/ca-bundle.pem，// OpenSUSE 
/etc/ssl/cert.pem，/ / OpenBSD 
/usr/local/share/certs/ca-root-nss.crt，// FreeBSD / DragonFly 
/etc/pki/tls/cacert.pem，// OpenELEC 
/etc/certs/ca-certificates.crt，// Solaris 11.2+ 
  
确保这些文件可用且未损坏。
 
 
 
还可以与CDN的零星问题，如此评论 ：
 
 
因为现在它的工作原理：+1：。它必须是一个亚马逊的边缘
 
 
最后一个线程还包括以下检查：
 
 
报告问题的用户不具有这些文件，或者这些文件不包含 rapidssl  cert。
 
我们可以要求他们向我们发送这些文件，并检查是否包含证书。
 
用户还可以尝试以下方式：
 
 
 
 
 
  openssl s_client -showcerts -verify 32 -connect index.docker.io:443 
  
 
 
 
 
 
如果失败，证书丢失。
 
 
关于GitHub，请注意，目前正在进行大规模DDoS攻击，这可能会在证书问题旁边产生其他副作用。
 
docker build -t oreng/iojs .
INFO[0000] Get https://index.docker.io/v1/repositories/library/iojs/images: x509: certificate signed by unknown authority. 
my Dockerfile is
FROM iojs:latest
RUN useradd -ms /bin/bash developer
WORKDIR /home/developer
USER developer
Also hub create (using https://github.com/github/hub)
Post https://api.github.com/user/repos: x509: certificate signed by unknown authority 

解决方案
As mentioned in crypto/x509/root_unix.go, Go (which is what Docker uses) will check CA certificates in
"/etc/ssl/certs/ca-certificates.crt",     // Debian/Ubuntu/Gentoo etc.
"/etc/pki/tls/certs/ca-bundle.crt",       // Fedora/RHEL
"/etc/ssl/ca-bundle.pem",                 // OpenSUSE
"/etc/ssl/cert.pem",                      // OpenBSD
"/usr/local/share/certs/ca-root-nss.crt", // FreeBSD/DragonFly
"/etc/pki/tls/cacert.pem",                // OpenELEC
"/etc/certs/ca-certificates.crt",         // Solaris 11.2+
Make sure those files are available and not corrupted.

There can be also sporadic issue with the CDN, as in this comment:

  
because now it works :+1: . It must be a amazon edge isssue 
The last thread also includes the following check:

  
The user reporting the issue either has non of those files or those files don't include the rapidssl cert.

  We could ask them to send us those files and check if the certificate is included.

  The user may also try this:


openssl s_client -showcerts -verify 32 -connect index.docker.io:443



  
If that fails, the certificates are missing.
Regarding GitHub, be aware it is under a massive DDoS attack at the moment, which could have other side-effects beside the certificate issue.

                        
这篇关于x509：由未知权限签署的证书 - 无论是docker还是github的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！