Most large enterprises run their own PKI, and it's common to issue certificates signed by an internal CA to services. The root CA certificate is pushed to domain-joined workstations with Group Policy etc.
For non-domain-joined services (Linux hosts, for example), it's common to trust the root CA certificate manually.
The Docker daemon automatically picks up the trusted root CA list from the host and uses it as its own trusted CA list. The following steps add a custom CA certificate as a trusted CA on Ubuntu:
- Go to /usr/share/ca-certificates/
- Add your custom CA cert to this folder as a PEM-encoded file with a .crt extension
- Run sudo update-ca-certificates
Now restart the Docker daemon and it should pick up the newly uploaded CA cert.
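
To confirm the steps above took effect before restarting Docker, the following added example (not part of the original post) checks that a file is a PEM-encoded CA certificate and that it is present in /etc/ssl/certs/ca-certificates.crt, the bundle that update-ca-certificates regenerates on Ubuntu. It assumes openssl is installed; the function names and the script name are illustrative.

```bash
#!/usr/bin/env bash
# Added example: checks for a custom root CA before and after installing it.
# Assumes openssl is installed; the function names below are illustrative.

# Bundle that update-ca-certificates regenerates on Ubuntu.
BUNDLE_DEFAULT=/etc/ssl/certs/ca-certificates.crt

# Succeeds only if FILE is a PEM-encoded X.509 certificate (DER input fails).
is_pem_cert() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null &&
        openssl x509 -in "$1" -inform PEM -noout 2>/dev/null
}

# Succeeds only if the certificate carries basicConstraints CA:TRUE.
is_ca_cert() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# Prints the SHA-256 fingerprint, to compare with a value obtained out of band.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Succeeds if FILE's fingerprint matches any certificate in BUNDLE.
cert_in_bundle() {
    _want=$(cert_fingerprint "$1")
    [ -n "$_want" ] || return 2
    awk -v cmd='openssl x509 -noout -fingerprint -sha256' '
        /-----BEGIN CERTIFICATE-----/ { buf = ""; on = 1 }
        on { buf = buf $0 "\n" }
        /-----END CERTIFICATE-----/ { printf "%s", buf | cmd; close(cmd); on = 0 }
    ' "${2:-$BUNDLE_DEFAULT}" | cut -d= -f2 | grep -Fxq "$_want"
}

# Usage: ./check-ca.sh my-root-ca.crt   (script name is a placeholder)
if [ "$#" -ge 1 ]; then
    is_pem_cert "$1" || { echo "not a PEM certificate: $1" >&2; exit 1; }
    is_ca_cert "$1" || { echo "not a CA certificate: $1" >&2; exit 1; }
    echo "SHA-256: $(cert_fingerprint "$1")"
    if cert_in_bundle "$1"; then
        echo "present in $BUNDLE_DEFAULT"
    else
        echo "NOT present in $BUNDLE_DEFAULT" >&2; exit 1
    fi
fi
```

If the last check fails after running update-ca-certificates, the certificate was not merged into the bundle and restarting Docker will not make it trusted.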