SyntaxFix

[ssl] docker container ssl certificates

Is there any elegant way to add ssl certificates to images that have come from docker pull?.

I'm looking for a simple and reproducible way of adding a file into /etc/ssl/certs and run update-ca-certificates. (This should cover ubuntu and debian images).

I'm using docker on CoreOS, and the coreos machine trusts the needed ssl certificates, but the docker containers obviously only have the default.

I've tried using docker run --entrypoint=/bin/bash to then add the cert and run update-ca-certificates, but this seems to permanently override the entry point.

I'm also wondering now, would it be more elegant to just mount /etc/ssl/certs on the container from the host machines copy? Doing this would implicitly allow the containers to trust the same things as the host.

I'm at work with an annoying proxy that resigns everything :(. Which breaks SSL and makes containers kind-of strange to work with.

This question is related to ssl ssl-certificate docker

The answer is

You can use relative path to mount the volume to container:

docker run -v `pwd`/certs:/container/path/to/certs ...

Note the back tick on the pwd which give you the present working directory. It assumes you have the certs folder in current directory that the docker run is executed. Kinda great for local development and keep the certs folder visible to your project.

As was suggested in a comment above, if the certificate store on the host is compatible with the guest, you can just mount it directly.

On a Debian host (and container), I've successfully done:

docker run -v /etc/ssl/certs:/etc/ssl/certs:ro ...

I am trying to do something similar to this. As commented above, I think you would want to build a new image with a custom Dockerfile (using the image you pulled as a base image), ADD your certificate, then RUN update-ca-certificates. This way you will have a consistent state each time you start a container from this new image.

# Dockerfile
FROM some-base-image:0.1
ADD you_certificate.crt:/container/cert/path
RUN update-ca-certificates

Let's say a docker build against that Dockerfile produced IMAGE_ID. On the next docker run -d [any other options] IMAGE_ID, the container started by that command will have your certificate info. Simple and reproducible.

Source: Stackoverflow.com

Examples related to ssl

Requests (Caused by SSLError("Can't connect to HTTPS URL because the SSL module is not available.") Error in PyCharm requesting website A fatal error occurred while creating a TLS client credential. The internal error state is 10013 curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number How to install OpenSSL in windows 10? ssl.SSLError: tlsv1 alert protocol version Invalid self signed SSL cert - "Subject Alternative Name Missing" "SSL certificate verify failed" using pip to install packages ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749) Powershell Invoke-WebRequest Fails with SSL/TLS Secure Channel "ssl module in Python is not available" when installing package with pip3

Examples related to ssl-certificate

How to install OpenSSL in windows 10? Scraping: SSL: CERTIFICATE_VERIFY_FAILED error for http://en.wikipedia.org Not able to install Python packages [SSL: TLSV1_ALERT_PROTOCOL_VERSION] Letsencrypt add domain to existing certificate javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure bypass invalid SSL certificate in .net core How to add Certificate Authority file in CentOS 7 How to use a client certificate to authenticate and authorize in a Web API This certificate has an invalid issuer Apple Push Services iOS9 getting error “an SSL error has occurred and a secure connection to the server cannot be made”

Examples related to docker

standard_init_linux.go:190: exec user process caused "no such file or directory" - Docker What is the point of WORKDIR on Dockerfile? E: gnupg, gnupg2 and gnupg1 do not seem to be installed, but one of them is required for this operation How do I add a user when I'm using Alpine as a base image? docker: Error response from daemon: Get https://registry-1.docker.io/v2/: Service Unavailable. IN DOCKER , MAC How to fix docker: Got permission denied issue pull access denied repository does not exist or may require docker login Docker error: invalid reference format: repository name must be lowercase Docker: "no matching manifest for windows/amd64 in the manifest list entries" OCI runtime exec failed: exec failed: (...) executable file not found in $PATH": unknown

Tags

Django-permissions C++builder-2007 Bidirectional-relation Linestyle Number-sequence Vimdiff Readwritelock Stability Block Etcpasswd Twitter-gem Microsoft-ajax-minifier Solaris-10 Terminal-server Ef-code-first Normal-distribution Natsort Jgit Lifetime Unreliable-connection Pvrtc Boost-program-options Databasepublishingwizard Uart Cocor Environments App-data Rim-4.6 Datainputstream Mptt Subtext Taction Excel-formula Mscomct2.ocx Partial-postback Piccolo Telerik Network-state Desktop-application Econnect Ngen Cloudmade Sdo Anti-bot Javascript-events Eshell Application-security Interrupted-exception Restriction Working-directory Cyclic-graph Upnp Android-adapter Boost-parameter Resourceproviderfactory Edsdk Msitransform Mouseleftbuttonup Buffer Page-lifecycle Parameter-passing Reverting Eclipse-rcp App-code War Drive-letter Outlook-form Codecharge Nmock2 Algorithmic-trading Ofnhookproc Getproperties Glossaries Wmd-markdown Polymodel Jsf Aspnet-compiler System-analysis Justcode Google-product-search Typeinitializer Cvsnt Bareword System.configuration Dimension-reduction Standard-library Iowait Imagelist Psd Remoteapp Object-detection Writing Rake-test Raiseevent Vliw Udb Kryo Cross-process Preferences Change-tracking