I just did a clean install of my local rack, and I’m getting this error during a build:
Packaging source... OK Uploading source... OK Starting build... OK Authenticating registry.convox/server-test: Error response from daemon: Get https://registry.convox/v2/: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "ca.convox")
(Mac, Docker Desktop edge 126.96.36.199, CLI and rack 20190717145705)
What’s weird is that curl seems to accept the certificate:
curl -vv https://registry.convox/v2/
* Trying 0.0.0.0... * TCP_NODELAY set * Connected to registry.convox (127.0.0.1) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * successfully set certificate verify locations: * CAfile: /etc/ssl/cert.pem CApath: none * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Client hello (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS change cipher, Client hello (1): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 * ALPN, server did not agree to a protocol * Server certificate: * subject: O=convox; CN=registry.convox * start date: Jul 30 23:16:57 2019 GMT * expire date: Jul 29 23:16:57 2020 GMT * subjectAltName: host "registry.convox" matched cert's "registry.convox" * issuer: O=convox; CN=ca.convox * SSL certificate verify ok. > GET /v2/ HTTP/1.1 > Host: registry.convox > User-Agent: curl/7.54.0 > Accept: */* > < HTTP/1.1 200 OK < Content-Length: 2 < Content-Type: application/json; charset=utf-8 < Date: Tue, 30 Jul 2019 23:23:53 GMT < Docker-Distribution-Api-Version: registry/2.0 < X-Content-Type-Options: nosniff < * Connection #0 to host registry.convox left intact
I’m not quite sure how this cert authority is handled locally. Do I need to add it to the Keychain?