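Adding a trusted CA to a Debian / Ubuntu image

Time: 2016-02-02 15:25:08

Tags: ssl docker debian

I am trying to deploy a CA certificate as a trusted root in a Debian / nodejs container, as described in [{3}} or https://askubuntu.com/a/94861/88763, but it fails for no apparent reason. My Dockerfile: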

# or buildpack-deps:jessie or node:5
FROM debian:jessie
RUN apt-get update -y && \
    apt-get install ca-certificates netcat strace wget -y
ADD rootCa.pem /usr/local/share/ca-certificates/rootCa.crt
RUN update-ca-certificates --verbose

# just to keep the container running
CMD ["netcat", "-l", "12345"]

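When building the container, it actually tells me that the certificate was added (1 added, 0 removed; done.). Nevertheless, when I try to use the root CA with wget, it is not found: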

$ sudo docker exec -it cleanslatehg_catests_1 wget https://foo.v3.testing
converted 'https://foo.v3.testing' (ANSI_X3.4-1968) -> 'https://foo.v3.testing' (UTF-8)
--2016-02-02 15:11:33--  https://foo.v3.testing/
Resolving foo.v3.testing (foo.v3.testing)... 172.19.0.7
Connecting to foo.v3.testing (foo.v3.testing)|172.19.0.7|:443... connected.
ERROR: The certificate of 'foo.v3.testing' is not trusted.

With the Ubuntu base image, I can successfully access http://blog.bigon.be/2014/03/22/add-a-new-ca-certificate-to-the-certificates-stash-in-debian/

FROM ubuntu
RUN apt-get update -y && \
    apt-get install ca-certificates netcat strace wget -y
ADD rootCa.pem /usr/local/share/ca-certificates/rootCa.crt
RUN update-ca-certificates --verbose

CMD ["netcat", "-l", "12345"]

$ sudo docker exec -it cleanslatehg_catests_1 wget https://foo.v3.testing
--2016-02-02 15:23:17--  https://foo.v3.testing/
Resolving foo.v3.testing (foo.v3.testing)... 172.19.0.7
Connecting to foo.v3.testing (foo.v3.testing)|172.19.0.7|:443... connected.
HTTP request sent, awaiting response... 200 OK
[…]
2016-02-02 15:23:17 (33.9 MB/s) - 'index.html' saved [170/170]

0 answers:

No answers
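
A check for the step the question relies on, added here as an example and not part of the original post: it confirms that every certificate in the file copied to /usr/local/share/ca-certificates really ended up in the bundle that update-ca-certificates generates, by comparing SHA-256 fingerprints of the decoded PEM blocks. The function names are hypothetical; the default bundle path /etc/ssl/certs/ca-certificates.crt is the Debian/Ubuntu location, and GNU coreutils (base64, sha256sum) are assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Usage inside the container:
#   sh check_ca.sh /usr/local/share/ca-certificates/rootCa.crt

# Print one SHA-256 fingerprint (of the DER bytes) per certificate in a PEM file.
# Tolerates CRLF line endings and files holding several certificates.
pem_fingerprints() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { inside = 1; body = ""; next }
        /-----END CERTIFICATE-----/   { if (inside) print body; inside = 0; next }
        inside { gsub(/[ \t\r]/, ""); body = body $0 }
    ' "$1" | while IFS= read -r b64; do
        printf '%s' "$b64" | base64 -d 2>/dev/null | sha256sum | cut -d' ' -f1
    done
}

# Return 0 if every certificate in CERT is present in BUNDLE,
# 1 if at least one is missing, 2 if CERT holds no PEM certificate at all
# (for example a DER-encoded file, which update-ca-certificates does not accept).
ca_in_bundle() {
    cert=$1
    bundle=$2
    want=$(pem_fingerprints "$cert")
    if [ -z "$want" ]; then
        echo "no PEM certificate found in $cert (DER-encoded?)" >&2
        return 2
    fi
    have=$(pem_fingerprints "$bundle")
    for fp in $want; do
        if ! printf '%s\n' "$have" | grep -qx "$fp"; then
            echo "missing from $bundle: sha256 $fp" >&2
            return 1
        fi
    done
    return 0
}

# Run the check only when a certificate path is given on the command line.
[ "$#" -eq 0 ] || ca_in_bundle "$1" "${2:-/etc/ssl/certs/ca-certificates.crt}"
```

A zero exit status means the certificate is in the bundle, so a remaining "not trusted" error has to be investigated in the client's TLS configuration or the server's certificate chain rather than in the image build.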