$ docker --tlsverify -H prod_host1:9998 ps The server probably has client authentication (--tlsverify) enabled. Please check your TLS client certification settings
User certificates identify a user, and are used to enforce access control policies. You can control how long user certificates are valid. By default, user certificates are valid for 365 days.
To configure the validity period of user certs:
Open Console.
Go to Manage > Authentication > Certificates.
Under Configuration, enter a new value for Number of days until expiration of certificate.
Click Save.
The following message is printed to the console when you try to authenticate with an expired certificate.
This example command tries to run docker ps
on a remote host named prod_host1.
$ docker --tlsverify -H prod_host1:9998 ps The server probably has client authentication (--tlsverify) enabled. Please check your TLS client certification settings
When your certificates expire, you can quickly generate a new ones.
Go to Console.
Log in with your credentials to reauthenticate with Console. This step generates fresh certificates.
If you integrated Twistlock with LDAP, log in with your LDAP credentials.
If you integrated with SAML, log in with your SAML credentials.
If you are using Twistlock users, log in with your Twistlock user credentials.
On the left menu, click Manage > Authentication > Credentials. Non-admin users are taken directly to this page.
Copy the installation script, and run it on your local machine.
The script installs fresh certificates on your machine.
Verify that your certs are valid by running a Docker command on a host protected by Defender.
$ docker --tlsverify -H prod_host1:9998 ps