How to fix “SSL certificate problem: self signed certificate in certificate chain” error?

Probably you don’t have correct CA certificates available in the container, so TLS connections can’t be verified.

Try to install ca-certificates package (package may have a different name, it depends on the used distribution).


UPDATE:

Your company inspects TLS connections in the corporate network, so original certificates are replaced by your company certificates. You need to add your company CA certificate to root CA certificates.

Linux (Ubuntu, Debian):

  • copy company CA certificate to dir /usr/local/share/ca-certificates/
  • run sudo update-ca-certificates

If your host OS has already preconfigured CA certs correctly (company CA certs included), then you can just mount them as a volume to the container:

docker run \
  -v /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt \
  ...

Typical CA certs locations:

  • /etc/ssl/certs/ca-certificates.crt Debian/Ubuntu/Gentoo etc.
  • /etc/pki/tls/certs/ca-bundle.crt Fedora/RHEL 6
  • /etc/ssl/ca-bundle.pem OpenSUSE
  • /etc/pki/tls/cacert.pem OpenELEC
  • /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem CentOS/RHEL 7

Leave a Comment

tech