Failed to pull image docker-local/sampleimage:v1.0.0dev-1, error API error (500)

Failed to pull image docker-local/sampleimage:v1.0.0dev-1, error API error (500)

8941
Created On 11/18/19 18:19 PM - Last Modified 12/20/19 18:44 PM


Symptom


x509 error If you find that your images are not able to be scanned because of an error like the following:
 
Failed to pull image docker-local/sampleimage:v1.0.0dev-1, error API error (500): Get https://myconsole.twistlock.com/v2/: x509: certificate signed by unknown authority

This most likely means that you have a self-signed certificate that the underlying docker daemon on the defender host does not trust. This can also happen if you have set up Artifactory as an insecure registry.

Environment


Twistlock version: Any version

Cause


Steps to confirm the issue. If you go to the host that the Twistlock Defender is running on and try to pull your Artifactory images, you should receive the same error

Resolution


You will need to add your trusted self-signed cert to the docker daemon. Specify the URL of the insecure registry on the machine where the registry scanning Defender runs, then restart the Docker service. For more information, see the Docker documentation.

Additional Information


If you do not have a host that is able to access the underlying docker daemon, you will need to find other ways to get your host to trust the Artifactory instance. Please consult the Artifactory documentation for these steps.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PNWrCAO&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail