Latest jf docker image doesn't work with CA certificates

[nipuna-perera]

Describe the bug

Running jf CLI via docker image throws certificate errors.

Current behavior

When I run any artifactory command (even jf rt ping) inside the latest docker image, I get

Get "https://myartifactory.company.com/api/system/ping": tls: failed to verify certificate: x509: certificate signed by unknown authority

If I exec into the container, and do apk update && apk upgrade, the error goes away.

Adding the cacert to ~/.jfrog/security/certs/ did not change anything

Reproduction steps

docker run -it --entrypoint="" docker run releases-docker.jfrog.io/jfrog/jfrog-cli-v2-jf jf rt -- ping --url=https://myartifactory.company.com

Expected behavior

No certificate errors as I have the correct cacerts installed in the container.

JFrog CLI version

2.73.0

Operating system type and version

MacOS Sequoia 15.2

JFrog Artifactory version

No response

JFrog Xray version

No response

[EyalDelarea]

Hi @nipuna-perera

Thank you for reporting this issue. I tried to reproduce the problem using the following command:

docker run -it releases-docker.jfrog.io/jfrog/jfrog-cli-v2-jf jf rt ping --url=https://platform.jfrog.io/artifactory/

However, the command executed successfully without any certificate errors in my environment. Below is a screenshot of the output:

To help debug further, could you please try the following steps:

1. Verify Docker Image Version:
   Ensure you are using the latest jfrog-cli-v2-jf Docker image. Run the following commands to update and use the latest version:

   docker pull releases-docker.jfrog.io/jfrog/jfrog-cli-v2-jf
   docker run -it releases-docker.jfrog.io/jfrog/jfrog-cli-v2-jf jf rt ping --url=https://<your-url>

2. Detailed Logs:
   Run the same command with debug mode enabled to gather more details:

   docker run -it -e JFROG_CLI_LOG_LEVEL=DEBUG  releases-docker.jfrog.io/jfrog-cli-v2-jf jf rt ping --url=https://<your-url>

3. Provide docker version and runtime

docker --version && docker info | grep "Runtime"

4. Provide which artifactory version are you using

Providing as much details as possible will help us solve this issue.

[nipuna-perera]

Running it in DEBUG mode didn't reveal much more than the original error. Here's part of what I'm seeing additionally

And the error message

23:06:49 [Debug] Sending HTTP GET request to: https://<url>/api/system/ping
23:06:49 [🟠Warn] (Attempt 1) - Failure occurred while sending GET request to https://<url>/api/system/ping: Get "https://<url>/api/system/ping": tls: failed to verify certificate: x509: certificate signed by unknown authority

Docker version:

Docker version 27.4.0, build bde2b89
WARNING: daemon is not using the default seccomp profile
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc

The following command is successful though

docker run -it --entrypoint='' -e JFROG_CLI_LOG_LEVEL=DEBUG releases-docker.jfrog.io/jfrog/jfrog-cli-v2-jf sh -c 'apk update && apk upgrade && jf rt ping --url=https://<url>'

Arty version: Enterprise Plus 7.68.19 rev 76819900