Re: zCX Issues

2020-08-18 Thread Timothy Sipples 
You're probably getting that error message because Docker cannot validate 
the (public) TLS server certificate when trying to establish the HTTPS 
connection to your private registry. If that's the problem, to fix it 
you'll need to get the public server certificate, add it to your z/OS 
Container Extensions configuration (via the z/OSMF workflow), then restart 
your zCX instance(s).

If I'm correct, just follow the instructions in the redbook:

http://www.redbooks.ibm.com/redbooks/pdfs/sg248457.pdf

The private registry section is Chapter 6. Refer to Section 6.5, and 
particularly page 122 step 2(b), for the z/OSMF steps. Also please take 
note of the note at the top of page 123. Much of the rest of Chapter 6 is 
also likely helpful.

If you've tried all that already, please post a follow-up. You should also 
be able to open a problem incident (PMR) with IBM z/OS Support if you 
suspect a defect.

- - - - - - - - - -
Timothy Sipples
I.T. Architect Executive
Digital Asset & Other Industry Solutions
IBM Z & LinuxONE
- - - - - - - - - -
E-Mail: sipp...@sg.ibm.com

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

zCX Issues

2020-08-18 Thread Michael Babcock 
We have a zCX instance up and running and have created a Docker ID 
(Docker admin ID, not a Docker User).  We are trying to pull an image 
from our internal docker repository but are getting a certificate 
error.    I have our internal corporate root cert (and intermediate 
cert) defined when I defined the zCX instance.


Can we specify a different location for our certs when signed into the 
Docker admin ID when using the Pull command?  Or am I missing something 
in the config.  There are no firewalls/proxies between our internal 
docker hub and the zCX instance


(I’ve scrubbed the server names)

The curl command works.

curl -vv -s https://our_server.com/v2/

But the docker pull command fails.

Error response from daemon: Get https://our_server.com/v2/ 
: x509: certificate signed by unknown authority


Anyone?

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN