Import own CA root certificate into Docker container

I use a FreeIPA server on a CentOS machine. It also works as a Certification Authority.

A few HTTP services are running with certificates issued by FreeIPA and everything works well.

I have another CentOS server, connected to my domain, that has the FreeIPA root certificate set up correctly. When I curl https://freeipa.example.com directly from that server I encounter no issue.

But this server also runs Docker containers, which seem to have issues connecting to the httpd servers running with my FreeIPA certificates.

When I run curl https://freeipa.example.com I have the following issue: curl: (60) SSL certificate problem: unable to get local issuer certificate.

It seems that Docker doesn't care about the root certificate that is set up on the CentOS server to connect to FreeIPA.

How can I solve this issue?

You would need to pass the CA to the container and add it to the container trust list. This could be done at runtime (with the container action, such as a bash or PowerShell script, or running the container interactively) or by creating an updated image (with docker build on a Dockerfile or docker commit on a running container that has been modified to your need).

If I’m understanding correctly, the docker host trusts the certificate but the container does not? If so, you would need to pass the CA to the container and add it to the container trust list. This could be done at runtime or by creating an updated image.

You’re correct. I found that afterwards, but I’ll let you make an answer of it :).
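
The runtime route described in the answer, as an added example that is not part of the original thread: an entrypoint script that copies a mounted CA certificate into the container's trust anchors and rebuilds the bundle before starting the real command. The mount path, the CA_FILE and CA_NAME variables and the function names are assumptions; the anchor directories and update commands are the stock ones for RHEL-family and Debian-family images.

```shell
#!/bin/sh
# Added example: entrypoint helper that makes a container trust a private CA.
# Assumed usage (paths and variable names are hypothetical):
#   docker run -v /path/to/ca.crt:/run/ca/root.pem:ro \
#              -e CA_FILE=/run/ca/root.pem --entrypoint /trust-ca.sh IMAGE CMD...

# Print "<anchor dir> <update command>" for the trust-store layout found under
# ROOT (default /). ROOT exists so the logic can be exercised without root.
trust_layout() {
    root="${1:-}"
    if [ -d "$root/etc/pki/ca-trust/source/anchors" ]; then
        # RHEL / CentOS / Fedora family
        echo "$root/etc/pki/ca-trust/source/anchors update-ca-trust"
    elif [ -d "$root/usr/local/share/ca-certificates" ]; then
        # Debian / Ubuntu / Alpine with the ca-certificates package installed
        echo "$root/usr/local/share/ca-certificates update-ca-certificates"
    else
        return 1
    fi
}

# Copy PEM into the anchor directory as NAME.crt (update-ca-certificates only
# picks up *.crt). Refuses files that contain no PEM certificate block.
stage_ca() {
    pem="$1"; name="$2"; root="${3:-}"
    grep -q -- '-----BEGIN CERTIFICATE-----' "$pem" ||
        { echo "not a PEM certificate: $pem" >&2; return 2; }
    layout=$(trust_layout "$root") ||
        { echo "no known trust store under ${root:-/}" >&2; return 3; }
    dir=${layout% *}
    cp "$pem" "$dir/$name.crt" && chmod 0644 "$dir/$name.crt" &&
        echo "$dir/$name.crt"
}

# Only act when CA_FILE is set, so sourcing this file has no side effects.
if [ -n "${CA_FILE:-}" ]; then
    stage_ca "$CA_FILE" "${CA_NAME:-private-root-ca}" >/dev/null || exit 1
    # Rebuild the bundle that curl and OpenSSL read inside the container.
    layout=$(trust_layout) && ${layout#* } || exit 1
    exec "$@"   # hand over to the container's real command
fi
```

For the image-build route, the same copy and update command can run as build steps in a Dockerfile, so the CA is already trusted when the container starts and the entrypoint does not need write access to the trust store.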