I have boot2docker 1.4.1 running on windows via virtualbox. I am behind a proxy that MITMs https certificates. I configured proxy by adding the following lines in /var/lib/boot2docker/profile:

export HTTP_PROXY=<proxyhost>:80
export HTTPS_PROXY=<proxyhost>:80
DOCKER_TLS=no
EXTRA_ARGS="--insecure-registry index.docker.io"

however when I run docker@boot2docker:~$ docker run hello-world I get

Unable to find image 'hello-world:latest' locally
Pulling repository hello-world
FATA[0006] Get https://index.docker.io/v1/repositories/library/hello-world/images
: x509: certificate signed by unknown authority

Please help me figure out the correct way to ignore certificate errors. Thanks!

Edit Looks like the new docker only works on certain flavors of Windows 10. If you are still stuck on Windows 7, I have updated the below to reflect the steps I had to go through to correct the 'self signed certificate in certificate chain' error when I installed the latest version of docker-toolbox (Docker 1.11.2).

Finally got this working on Windows 7 following the answers here: https://github.com/boot2docker/boot2docker/issues/347

Check that this is your issue by running openssl s_client -showcerts:

docker@boot2docker:~$ openssl s_client -showcerts -CApath . -connect index.docker.io:443

(Edit: removed 32 from -showcerts and corrected host name)

In the certificate chain, you'll see the proxy has inserted itself and the verify returns an error something like this

Verify return code: 19 (self signed certificate in certificate chain)

If you have the same problem then give the steps below a try :

1. First, save the certificate you need. Here are the steps to use in Firefox similar to https://mcmap.net/q/14308/-ssl-certificate-rejected-trying-to-access-github-over-https-behind-firewall (Chrome and IE should also work using the Certificate Export Wizard; Note: on Windows, the PEM certificate encoding is called Base-64 encoded X.509 (.CER)):
   • In Firefox, go to https://hub.docker.com/
   • Click on the lock icon on the address bar to display the certificate
   • Click through "More Information" -> "Security" -> "View Certificate" --> "Details"
   • Select each node in the hierarchy beginning with the uppermost one, and click on "Export" and "Save" (select the X.509 Certificate (PEM) format)
   • Save the above files somewhere in your local drive, change the extension to .pem and move them to your user folder (or any other location accessible from ssh)
2. Create a folder to hold the cert(s):docker@boot2docker:~$ sudo mkdir /var/lib/boot2docker/certs/
3. Copy the cert files(s) to that location: docker@boot2docker:~$ sudo cp /c/Users/<username>/<folder>/<proxy-cert>.pem /var/lib/boot2docker/certs/
4. Create the file /var/lib/boot2docker/bootlocal.sh and include the source from https://gist.github.com/irgeek/afb2e05775fff532f960 (I just created the file in Windows using Notepad++ and copied it to the correct location similar to the above step)
5. Exit ssh and restart: C:\>docker-machine restart
6. Open the shell docker-machine ssh and verify the changes worked: docker run hello-world

You should see output which contains something like:

Hello from Docker.
This message shows that your installation appears to be working correctly.

If you have Docker for Windows on Windows 10, and you're getting the "x509: certificate signed by unknown authority" error, you can try this:

1. Run Docker for Windows.
2. After some time, you'll see the docker icon in the Windows notification area (bottom right)
3. Right-click the icon and select "Settings..."
4. The settings window will open. Select "Docker Daemon" on the left.
5. Add your private registry to the "insecure-registries" collection in the textbox that shows the configuration in JSON format. Then click "Apply".