适用于Mac的Docker:x509:由未知权限错误签名的证书
我在Mac上使用最新的Docker(本机),只是试图做到这一点:
docker run -d -p 8888:8888 jupyter/all-spark-notebook
但是我得到了以下错误:
Unable to find image 'jupyter/all-spark-notebook:latest' locally latest: Pulling from jupyter/all-spark-notebook fdd5d7827f33: Pull complete a3ed95caeb02: Pull complete f08e494cf5cc: Pull complete 6548f4aff175: Downloading d762b5abb43e: Download complete c841d1ad6a8e: Download complete 78ff99539390: Download complete 99dfa5547e73: Download complete 408ccccf138d: Download complete 0f7e4eccd74d: Download complete 9177afc586c3: Download complete b474b13b1b14: Download complete f204d6cd4f55: Downloading a8a42c20abb9: Download complete 9ac0b73ff157: Downloading 0553d92e0f21: Downloading dfaa7db17378: Download complete 262fc767b542: Download complete a21800239eaa: Download complete afe6294b97d7: Download complete 3d4589d060ea: Download complete b81971b6c8e4: Download complete 9daebe0247b8: Downloading ce63d084a226: Downloading 73eb272114bc: Download complete b2c0c287ae3a: Download complete f306272598a0: Downloading 04882c9afb9d: Downloading docker: x509: certificate signed by unknown authority. See 'docker run --help'.
我在公司VPN内部这样做,所以它在防火墙/代理之后。 如果我离开VPN来拉图像,然后回到VPN运行,那就好了。
但是,我确实需要解决这个问题,因为我在公司内部工作很多,不能在工作中断开VPN。 我试过谷歌,发现像这个https://github.com/docker/docker/issues/6474许多Github问题,但没有解决这个问题。 我已经尝试docker run -d -p 8888:8888 jupyter/all-spark-notebook --insecure-registry https://index.docker.io:8888 ,它也没有工作。
以下是基于人们正在检查的一些输出:
openssl s_client -connect index.docker.io:443输出:
CONNECTED(00000003) depth=1 /C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3 verify error:num=20:unable to get local issuer certificate verify return:0 --- Certificate chain 0 s:/OU=GT98568428/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=*.docker.io i:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3 1 s:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3 i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA --- Server certificate -----BEGIN CERTIFICATE----- MIIEpDCCA4ygAwIBAgIDAyF3MA0GCSqGSIb3DQEBCwUAMEcxCzAJBgNVBAYTAlVT ... YMYqJP5MkuAKzDL5u0b8mD/EHtoPkfWOIsA5i9YrAAoWRVOJHwfFfgSY+EpXpFc4 AZUPmdZGh6q1YNavRoOL/1D5aP/VBBtofj54uMbKOK8q6vxIXSyzaw== -----END CERTIFICATE----- subject=/OU=GT98568428/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=*.docker.io issuer=/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3 --- No client certificate CA names sent --- SSL handshake has read 2429 bytes and written 456 bytes --- New, TLSv1/SSLv3, Cipher is AES128-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : AES128-SHA Session-ID: F2A7D08F3628FFC3334DBFF7698E05CC5027A61F4F88914E541F466FD6004702 Session-ID-ctx: Master-Key: 1EF9EB10A666597135CA6D5F14F10C717483C4C3873288281D0156410FE93C232E494A0935AA416EA736AE8CBDFBD925 Key-Arg : None Start Time: 1462855143 Timeout : 300 (sec) Verify return code: 0 (ok) --- HTTP/1.0 408 Request Time-out Cache-Control: no-cache Connection: close Content-Type: text/html <html><body><h1>408 Request Time-out</h1> Your browser didn't send a complete request in time. </body></html> closed
和openssl s_client -showcerts -verify 32 -CApath . -connect index.docker.io:443 openssl s_client -showcerts -verify 32 -CApath . -connect index.docker.io:443输出这个:
verify depth is 32 CONNECTED(00000003) depth=1 /C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3 verify error:num=20:unable to get local issuer certificate verify return:1 depth=1 /C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3 verify error:num=27:certificate not trusted verify return:1 depth=0 /OU=GT98568428/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=*.docker.io verify return:1 --- Certificate chain 0 s:/OU=GT98568428/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=*.docker.io i:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3 -----BEGIN CERTIFICATE----- MIIEpDCCA4ygAwIBAgIDAyF3MA0GCSqGSIb3DQEBCwUAMEcxCzAJBgNVBAYTAlVT ... YMYqJP5MkuAKzDL5u0b8mD/EHtoPkfWOIsA5i9YrAAoWRVOJHwfFfgSY+EpXpFc4 AZUPmdZGh6q1YNavRoOL/1D5aP/VBBtofj54uMbKOK8q6vxIXSyzaw== -----END CERTIFICATE----- 1 s:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3 i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA -----BEGIN CERTIFICATE----- MIIEJTCCAw2gAwIBAgIDAjp3MA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT ... ZI3NjGFVkP46yl0lD/gdo0p0Vk8aVUBwdSWmMy66S6VdU5oNMOGNX2Esr8zvsJmh gP8L8mJMcCaY -----END CERTIFICATE----- --- Server certificate subject=/OU=GT98568428/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=*.docker.io issuer=/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3 --- No client certificate CA names sent --- SSL handshake has read 2429 bytes and written 456 bytes --- New, TLSv1/SSLv3, Cipher is AES128-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : AES128-SHA Session-ID: 04E8384F625F401B53C8ACA4D1F68A4EC300C0039ABE6C4117DE97C721B58DB2 Session-ID-ctx: Master-Key: F08AD33B9D234A31DB7A9940A1CA6C4EC1FD780871F117780108E7F39909487B647FEBC5643BF1F2ADC5377407968D8C Key-Arg : None Start Time: 1462857210 Timeout : 300 (sec) Verify return code: 27 (certificate not trusted) --- ^C
有人可以帮我找出一个解决scheme,而无需断开VPN的拉动图像,并返回到每次运行?