Created
May 22, 2017 09:16
-
-
Save athurg/c1bbd2ba10a0bc68f9407dab65ff4ff2 to your computer and use it in GitHub Desktop.
如何在Ubuntu下添加信任的CA证书,并让Docker pull也信任
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| #说明: | |
| # 在Ubuntu中,Docker在pull image时,所使用的CA证书和ubuntu系统的一致。 | |
| # 所以,要想docker pull时使用自己的CA证书签名的证书,最简单的方式就是在系统中添加CA。 | |
| # 当然,Docker文档中也提到了一些仅仅添加到Docker(而不是全系统)的方式,实测下来貌似没用。 | |
| # 直接将CA添加到Ubuntu系统中,并让Docker pull生效,需要三个步骤 | |
| # 第一步,添加CA文件,注意,这里目标文件名必须以crt结束 | |
| cp path/to/your_ca.crt /usr/local/share/ca-certificates/xxx.crt | |
| # 第二步,更新系统的CA库,这一步应该会有类似下面的提示,表示此次添加了一个新证书。 | |
| # Updating certificates in /etc/ssl/certs... | |
| # 1 added, 0 removed; done. | |
| # Running hooks in /etc/ca-certificates/update.d... | |
| # Adding debian:xxx.pem | |
| # 这一步完成后,可以直接调用curl https://xxxx.com来验证是否成功 | |
| sudo update-ca-certificates | |
| # 第三步,重启Docker | |
| sudo systemctl restart docker |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment