【发布时间】:2022-11-20 11:38:55
【问题描述】:
At work (i.e. within an enterprise environment), I have a web server written in Golang and it's running fine locally; then I dockerize the app; but when running the app in a container, got an error: x509: certificate signed by unknown authority from where it made https request to aninternalremote api.
Guess that means I am missing a step to add a proper certificate in the Dockerfile.
Should I find where the certificate is on my local machine and copy it into the Docker file? Is it a common practice to do so? If not, what else can I do?
Also, since it works fine locally, it must know where to look for the certificates and find one successfully. How does it know which certificate to use if there are multiple certificates on my machine?
【问题讨论】:
-
Is remote API a public one, or some internal (to the enterprise) endpont?
-
@DusanBajic it's an internal remote api
-
which container OS is your docker image using?
-
@DusanBajic it's using Debain
-
As a general guidance: you need to get (export to a file) the remote API root CA cert (either from your local truststore or by fetching it directly from the remote endpoint). Then you need to place that file into your container truststore and import it
标签: docker go ssl https client-certificates