The Docker daemon relies on the host operating system’s certificate trust store when establishing HTTPS connections. To pull initial base images from Docker Hub or your private registry, the daemon must trust the proxy.
Obtain the enterprise proxy root Certificate Authority (CA) certificate from the network or security team.
Install the proxy root CA into the host operating system’s trusted certificate store. For example:
# Copy your proxy certificate to the system trust store sudo cp proxy-ca.crt /usr/local/share/ca-certificates/proxy-ca.crt # Update the host's CA store sudo update-ca-certificates
Verify that the host can establish HTTPS connections through the proxy without certificate validation errors.
When this step is completed, the host operating system trusts TLS connections that are intercepted and re‑signed by the proxy.