x509:由未知权限签署的证书 - 无论是docker还是github [英] x509: certificate signed by unknown authority - both with docker and with github
问题描述
docker build -t oreng / iojs。
INFO [ 0000]获取https://index.docker.io/v1/repositories/library/iojs/images:x509:由不明权限签名的证书。
我的Dockerfile是
FROM iojs:最新
/ pre>
RUN useradd -ms / bin / bash开发人员
WORKDIR / home /开发人员
USER开发人员
另外
hub创建
(使用 https://github.com/github/hub )发布https ://api.github.com/user/repos:x509:由未知权限签署的证书
解决方案如
crypto / x509 / root_unix.go
,Go(这是Docker使用的)将在/ etc / ssl / certs / ca-certificates.crt,// Debian / Ubuntu / Gentoo等
/etc/pki/tls/certs/ca-bundle.crt,/ / Fedora / RHEL
/etc/ssl/ca-bundle.pem,// OpenSUSE
/etc/ssl/cert.pem,/ / OpenBSD
/usr/local/share/certs/ca-root-nss.crt,// FreeBSD / DragonFly
/etc/pki/tls/cacert.pem,// OpenELEC
/etc/certs/ca-certificates.crt,// Solaris 11.2+
确保这些文件可用且未损坏。
因为现在它的工作原理:+1:。它必须是一个亚马逊的边缘
最后一个线程还包括以下检查:
报告问题的用户不具有这些文件,或者这些文件不包含
rapidssl
cert。
我们可以要求他们向我们发送这些文件,并检查是否包含证书。
用户还可以尝试以下方式:
openssl s_client -showcerts -verify 32 -connect index.docker.io:443
如果失败,证书丢失。
关于GitHub,请注意,目前正在进行大规模DDoS攻击,这可能会在证书问题旁边产生其他副作用。
docker build -t oreng/iojs .
INFO[0000] Get https://index.docker.io/v1/repositories/library/iojs/images: x509: certificate signed by unknown authority.
my Dockerfile is
FROM iojs:latest RUN useradd -ms /bin/bash developer WORKDIR /home/developer USER developer
Also
hub create
(using https://github.com/github/hub)Post https://api.github.com/user/repos: x509: certificate signed by unknown authority
解决方案As mentioned in
crypto/x509/root_unix.go
, Go (which is what Docker uses) will check CA certificates in"/etc/ssl/certs/ca-certificates.crt", // Debian/Ubuntu/Gentoo etc. "/etc/pki/tls/certs/ca-bundle.crt", // Fedora/RHEL "/etc/ssl/ca-bundle.pem", // OpenSUSE "/etc/ssl/cert.pem", // OpenBSD "/usr/local/share/certs/ca-root-nss.crt", // FreeBSD/DragonFly "/etc/pki/tls/cacert.pem", // OpenELEC "/etc/certs/ca-certificates.crt", // Solaris 11.2+
Make sure those files are available and not corrupted.
There can be also sporadic issue with the CDN, as in this comment:
because now it works :+1: . It must be a amazon edge isssue
The last thread also includes the following check:
The user reporting the issue either has non of those files or those files don't include the
rapidssl
cert.
We could ask them to send us those files and check if the certificate is included.
The user may also try this:
openssl s_client -showcerts -verify 32 -connect index.docker.io:443
If that fails, the certificates are missing.
Regarding GitHub, be aware it is under a massive DDoS attack at the moment, which could have other side-effects beside the certificate issue.
这篇关于x509:由未知权限签署的证书 - 无论是docker还是github的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!