engine: add instructions for using ca certs with docker #20822
Conversation
✅ Deploy Preview for docsdocker ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
dvdksn
force-pushed
the
install-root-ca
branch
from
7a10194
to
ae9a5c3
Compare
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
dvdksn
force-pushed
the
install-root-ca
branch
from
ae9a5c3
to
54ba8df
Compare
dvdksn
requested review from
a team
and removed request for
savannahostrowski
github-actions
bot
added
area/engine
| 5. Select **Open**, then choose **Place all certificates in the following store**. | ||
| 6. Ensure **Trusted Root Certification Authorities** is selected and select **Next**. | ||
| 7. Select **Finish** and then **Close**. | ||
| 8. Start Docker Desktop and verify that `docker pull` works, assuming Docker Desktop is configured to use the MITM proxy. |
There was a problem hiding this comment.
@dvdksn want to add this feedback from Nike. They suggested that for Windows, "directly use the Microsoft Management Console (mmc.exe) and the Certificates Snap-In". Based on that, can we add the below instructions in this section (we can retain the above steps that use web browser, but just reorder them. i.e. 1) steps using MMC.exe tool 2) steps using browser.
Add CA certificate using Microsoft Management Console (Windows):
- Download CA certificate for the MITM proxy software.
- Open Microsoft Management Console (mmc.exe)
- Add the Certificates Snap-In in the MMC
- Click File → Add/Remove Snap-in → select Certificates and click Add >
- Select Computer Account and click Next
- Select Local computer and click Finish
- Import the CA certificate
- From the MMC, expand Certificates (Local Computer)
- Expand Trusted Root Certification Authorities
- Right click Certificates and click All Tasks and Import...
- Follow the prompts to import your CA certificate
- Finish and Close
- Start Docker Desktop and verify that docker pull succeeds (assuming Docker Desktop is already configured to use the MITM proxy server).
Note: Depending on the SDK and/or runtime/framework in use, further steps may be required beyond adding the CA certificate to the operating system's trust store.
| 7. Select **Finish** and then **Close**. | ||
| 8. Start Docker Desktop and verify that `docker pull` works, assuming Docker Desktop is configured to use the MITM proxy. | ||
|
|
||
| ## Add CA certificates to images and containers |
There was a problem hiding this comment.
may be we should call out that these are Linux containers or images (not Windows containers)
Add CA certificates to Linux containers and images
| linkTitle: CA certificates | ||
| description: Learn how to install and use CA certificates on the Docker host and in Linux containers | ||
| keywords: docker, networking, ca, certs, host, container, proxy | ||
| --- |
There was a problem hiding this comment.
Again a feedback from Nike to include a stern warning:
Best practices should be followed (or Consult your security team ) when using MITM CA certificates in production-released containers. If compromised, attackers could intercept sensitive data, spoof a trusted service, or perform man-in-the-middle attacks.
|
@dvdksn appreciate if you could incorporate the comments and then we get have a final review from reviewers, merge and publish. Thank you. |
Description
Based on feedback from customers, this PR adds instructions for how to use CA certificates to enable MITM corporate proxies with Docker, both on the host for CLI operations as well as in runtime containers and builds.
Related issues or tickets
https://docker.slack.com/archives/C04300R4G5U/p1725958349187459