Harbor: docker login - x509: certificate signed by unknown authority

Created on 18 Jan 2019  Â·  6Comments  Â·  Source: goharbor/harbor

I can acess harbor in web browser without problem and my certicate is ok but I have error on docker login

Versions:
Please specify the versions of following systems.

  • harbor version: [1.7.1]
  • docker engine version: [18.06.1-ce]
  • docker-compose version: [1.23.2]
  • Linux AMAZON AMI: [ ami-09e634f7b62baee65]

sudo amazon-linux-extras enable docker
sudo amazon-linux-extras install docker -y

Additional context:
no error in logs

docker login my.intranet.com
Username: admin
Password: Harbor12345
Error response from daemon: Get https://my.intranet.com/v2/: x509: certificate signed by unknown authority

picture jcmartins
👍3

Most helpful comment

@jcmartins
were you able to find a workaround?
I have the same problem.

picture tirelibirefe on 30 Dec 2019
👍9

All 6 comments

This means your docker client does not trust the certificate of "my.intranet.com"
You need to put the root cert on the host of the docker client.

More details please refer to:
https://docs.docker.com/engine/security/certificates/

reasonerjt picture reasonerjt on 21 Jan 2019

Closing this one out @jcmartins – please don't hesitate to ping us if you have any more questions. Happy to re-open if needed.

ghost picture ghost on 29 Jan 2019

@jcmartins
were you able to find a workaround?
I have the same problem.

tirelibirefe picture tirelibirefe on 30 Dec 2019
👍9

Does any one know, how this was fixed?
I followed this link: https://docs.docker.com/engine/security/certificates/ but it does not work at all.

udautkarsh picture udautkarsh on 21 Feb 2020
👍1

Did you try to restart docker.service in client? First of all, install your Harbor private CA certificate in client machine. Then, restart docker in that client machine also. For instance, in Ubuntu 18.04:

scp harborhost:/harbor/cert/path/ca.crt /usr/local/share/ca-certificate/ca.crt
sudo update-ca-certificates
sudo systemctl restart docker.service

I think that harbor document should supplement this in https://goharbor.io/docs/2.0.0/install-config/configure-https/ or https://goharbor.io/docs/2.0.0/install-config/troubleshoot-installation#https.

soulawaker picture soulawaker on 15 May 2020
👍3 👎1

You can simply solve it when you add to harbor.yml config file before installation in _certificate_ option path to intermediate certificate file which contents server certificate and CA certificate afterwards. After installation this certs are copied somewhere to _/secret/cert/_ but I am not sure if this is only one location for them.

xjuric29 picture xjuric29 on 6 Aug 2020
👎1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

pingcrosby picture pingcrosby  Â·  3Comments
cten picture cten  Â·  3Comments
xiaosadexiaohai picture xiaosadexiaohai  Â·  3Comments
reasonerjt picture reasonerjt  Â·  3Comments
moooofly picture moooofly  Â·  3Comments