engine: add instructions for using ca certs with docker #20822
base: main
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
5. Select **Open**, then choose **Place all certificates in the following store**. | ||
6. Ensure **Trusted Root Certification Authorities** is selected and select **Next**. | ||
7. Select **Finish** and then **Close**. | ||
8. Start Docker Desktop and verify that `docker pull` works, assuming Docker Desktop is configured to use the MITM proxy. |
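Review bot: steps 5 to 7 place the certificate in **Trusted Root Certification Authorities** with no visible check that the file is the expected proxy CA. Unless an earlier step already covers it, add a step before step 5 to compare the certificate's fingerprint with the value supplied by whoever operates the proxy. Step 8 could also say what a failed `docker pull` looks like when the CA is not trusted, so readers can tell a trust problem from a proxy configuration problem.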
@dvdksn want to add this feedback from Nike. They suggested that for Windows, "directly use the Microsoft Management Console (mmc.exe) and the Certificates Snap-In". Based on that, can we add the below instructions in this section (we can retain the above steps that use web browser, but just reorder them, i.e. 1) steps using MMC.exe tool 2) steps using browser)?
Add CA certificate using Microsoft Management Console (Windows):

- Download CA certificate for the MITM proxy software.
- Open Microsoft Management Console (mmc.exe)
- Add the Certificates Snap-In in the MMC
  - Click File → Add/Remove Snap-in → select Certificates and click Add >
  - Select Computer Account and click Next
  - Select Local computer and click Finish
- Import the CA certificate
  - From the MMC, expand Certificates (Local Computer)
  - Expand Trusted Root Certification Authorities
  - Right click Certificates and click All Tasks and Import...
  - Follow the prompts to import your CA certificate
  - Finish and Close
- Start Docker Desktop and verify that docker pull succeeds (assuming Docker Desktop is already configured to use the MITM proxy server).

Note: Depending on the SDK and/or runtime/framework in use, further steps may be required beyond adding the CA certificate to the operating system's trust store.
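A scripted equivalent of the MMC steps in the comment above, as an added example that is not part of the PR or the Docker docs. It checks the certificate before importing it into the Local Computer root store; the `$CaPath` and `$ExpectedSha256` parameters are assumptions, and the fingerprint is expected to come from the proxy administrator over a separate channel.

```powershell
# Added example, not part of the PR. Run from an elevated PowerShell session.
# $CaPath and $ExpectedSha256 are placeholders supplied by the operator.
param(
    [Parameter(Mandatory)] [string] $CaPath,
    [Parameter(Mandatory)] [string] $ExpectedSha256
)
$ErrorActionPreference = 'Stop'

$file = (Resolve-Path -LiteralPath $CaPath).Path
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($file)

# Fingerprint the DER encoding, so PEM and DER copies of the same certificate match.
$sha256   = [System.Security.Cryptography.SHA256]::Create()
$actual   = [System.BitConverter]::ToString($sha256.ComputeHash($cert.RawData)) -replace '-', ''
$expected = ($ExpectedSha256 -replace '[:\s]', '').ToUpperInvariant()
if ($actual -ne $expected) {
    throw "Fingerprint mismatch: got $actual"
}

# Refuse anything that is not a CA certificate or is outside its validity period.
$bc = $cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
if (-not $bc -or -not $bc.CertificateAuthority) {
    throw "Not a CA certificate: $($cert.Subject)"
}
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is not currently valid ($($cert.NotBefore) to $($cert.NotAfter))"
}

# Same store the MMC steps target:
# Certificates (Local Computer) > Trusted Root Certification Authorities.
Import-Certificate -FilePath $file -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# Confirm the import and show what is now trusted machine-wide.
Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint } |
    Select-Object Subject, Thumbprint, NotAfter
```

The final listing gives a thumbprint that can be recorded, so the CA can later be located and removed from `Cert:\LocalMachine\Root` when the proxy is retired.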
7. Select **Finish** and then **Close**. | ||
8. Start Docker Desktop and verify that `docker pull` works, assuming Docker Desktop is configured to use the MITM proxy. | ||
|
||
## Add CA certificates to images and containers |
Maybe we should call out that these are Linux containers or images (not Windows containers)
Add CA certificates to Linux containers and images
linkTitle: CA certificates | ||
description: Learn how to install and use CA certificates on the Docker host and in Linux containers | ||
keywords: docker, networking, ca, certs, host, container, proxy | ||
--- |
Again, feedback from Nike to include a stern warning:
Best practices should be followed (or consult your security team) when using MITM CA certificates in production-released containers. If compromised, attackers could intercept sensitive data, spoof a trusted service, or perform man-in-the-middle attacks.
@dvdksn appreciate if you could incorporate the comments and then we can have a final review from reviewers, merge and publish. Thank you.
Description
Based on feedback from customers, this PR adds instructions for how to use CA certificates to enable MITM corporate proxies with Docker, both on the host for CLI operations as well as in runtime containers and builds.
Related issues or tickets
https://docker.slack.com/archives/C04300R4G5U/p1725958349187459