Bobcares

Docker x509: certificate signed by unknown authority | Resolved

by | Dec 21, 2021

Docker x509: certificate signed by unknown authority resolved in a jiffy.

At Bobcares, we offer solutions for every query, big and small, as a part of our Server Management Service.

Let’s take a look at how our Support Team recently helped a customer with the Docker x509 error: certificate signed by unknown authority.

What is the Certificate signed by unknown authority error?

We have been receiving queries where our customers find themselves unable to login to docker after installing IBM Cloud Private. Interestingly, they do not have an issue prior to the installation. The following error response pops in these scenarios:

docker login mycluster.icp:8500
Username: admin
Password:
Error response from daemon: Get https://x.x.x.x:8500/v2/: x509: certificate signed by unknown authority

Docker x509: certificate signed by unknown authority

According to our Support Engineers, this specific error is due to upgrading the Docker client during ICP installation along with adding the ICP CA certificate.

How to resolve Docker x509: certificate signed by unknown authority error

In order to resolve this error, we have to import the CA certificate in use by the ICP into the system keystore. Then, we have to restart the Docker client for the changes to take effect. However, the steps differ for different operating systems.

For instance, for Redhat 7.7:

  1. First, we have to locate the CA certificate. We can find it in the /opt/ibm-cloud-private-3.2.0/cluster/cfc-certs/etcd/ca.pem location.
  2. Then, we will save a copy of the CA certificate in the system truststore directory. Then we will update the CA trust.
    cp /opt/ibm-cloud-private-3.2.0/cluster/cfc-certs/etcd/ca.pem /etc/pki/ca-trust/source/anchors
    update-ca-trust
  3. Finally, we will restart the Docker client with the following command:
    sysctl restart docker

This ensures that we won’t run into this specific Docker error anymore.

[Looking for a solution to another query? We are just a click away.]

Conclusion

To sum up, the skilled Support Engineers at Bobcares demonstrated how to deal with the certificate signed by unknown authority error.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Never again lose customers to poor
server speed! Let us help you.