将可信的CA添加到Debian / Ubuntu映像
我正在尝试在https://askubuntu.com/a/94861/88763或http://blog.bigon.be/2014/03中描述的在Debian / nodejs容器中将CA证书部署为受信任的根证书/ 22 /添加一个新的证书到证书存储在debian /但它没有明显的原因失败。 我的Dockerfile:
FROM debian:jessie # or buildpack-deps:jessie or node:5 RUN apt-get update -y && \ apt-get install ca-certificates netcat strace wget -y ADD rootCa.pem /usr/local/share/ca-certificates/rootCa.crt RUN update-ca-certificates --verbose CMD ["netcat", "-l", "12345"] # just to keep the container running 当build立容器时,它实际上告诉我一个证书被添加( 1 added, 0 removed; done.但是,当我尝试使用wget的根CA时,找不到:
$ sudo docker exec -it cleanslatehg_catests_1 wget https://foo.v3.testing converted 'https://foo.v3.testing' (ANSI_X3.4-1968) -> 'https://foo.v3.testing' (UTF-8) --2016-02-02 15:11:33-- https://foo.v3.testing/ Resolving foo.v3.testing (foo.v3.testing)... 172.19.0.7 Connecting to foo.v3.testing (foo.v3.testing)|172.19.0.7|:443... connected. ERROR: The certificate of 'foo.v3.testing' is not trusted.
使用Ubuntu基础镜像,我可以成功访问https://foo.v3.testing :
FROM ubuntu RUN apt-get update -y && \ apt-get install ca-certificates netcat strace wget -y ADD rootCa.pem /usr/local/share/ca-certificates/rootCa.crt RUN update-ca-certificates --verbose CMD ["netcat", "-l", "12345"] $ sudo docker exec -it cleanslatehg_catests_1 wget https://foo.v3.testing --2016-02-02 15:23:17-- https://foo.v3.testing/ Resolving foo.v3.testing (foo.v3.testing)... 172.19.0.7 Connecting to foo.v3.testing (foo.v3.testing)|172.19.0.7|:443... connected. HTTP request sent, awaiting response... 200 OK […] 2016-02-02 15:23:17 (33.9 MB/s) - 'index.html' saved [170/170]