Hi there,

This is my first post, but I’m really frustrated trying to pull behind zscaler proxy using Windows WSL2

Have you ever experience this issue before? I think I’ve configured everything properly, but obviously I didn’t:

Handler for POST /v1.41/images/create returned error: Get “https://registry-1.docker.io/v2/”: proxyconnect tcp: x509: certificate is valid for *.zscaler.net

Likelly missing the Zscaler certifciate inside docker.
Go to Zscaler help and looks for Adding Custom Certificate to an Application Specific, there is an article how to import certificate for at least 14 Applications that user it’s own certificate store.

Thanks… I could have missed something, but I think that’s not the case. I’ve added the Root certificate along with the specific one into /etc/docker/certs.d/registry-1.docker.io folder.

I used following command to get the certificate:

echo | openssl s_client -servername registry-1.docker.io -connect .zscaler.net:443 |sed -ne ‘/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p’ >> ~/docker.crt

Restarted the service but not luck so far

Run update-ca-trust to make sure the OS trust the cert as well, I think docker has some dependencies which do not use the docker SSL store. Hope it helps.

Tomasz

Suggest following what is written at Zscaler help documention and search for Docker …
What you described above looks missing parts … (if we are talking about the same Docker tool).

At the end, I had a wrong configuration on my /etc/default/docker file. In HTTPS_PROXY I had set a https://.zscaler.net instead http://.zscaler.net