0 0 Share PDF

Generate client bundle on Windows nodes for untrusted UCP URL

Article ID: KB000826


Following issue is seen when attempting to download a UCP Client Bundle over CLI on a Windows node. If the UCP URL has untrusted certificates, the command mentioned in the docs.docker.com errors with a message similar to the following,

Error seen when attempting to generate client bundle for untrusted UCP URL


  1. Open a Powershell in Administrator mode.
  2. Navigate to a directory where you wish to save the Client bundle.
  3. Provide the appropriate values for UCPURL, Username, Password in following code excerpt and execute.

This will download a client bundle with the name ucp-bundle-test.zip. Extract it's contents, cd to the directory and import the UCP environment settings in the current shell.

Summary :

add-type @"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem) {
            return true;
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$AUTHTOKEN=((Invoke-WebRequest -Body '{"username":"username", "password":"password"}' -Uri $UCPURL/auth/login -Method POST).Content)|ConvertFrom-Json|select auth_token -ExpandProperty auth_token
Invoke-WebRequest -Uri $UCPURL/api/clientbundle -Headers @{"Authorization"="Bearer $AUTHTOKEN"} -OutFile "ucp-bundle-test.zip"
Expand-Archive "ucp-bundle-test.zip"
cd ucp-bundle-test
Import-Module .\env.ps1
docker ps

Other issue that could happen during the resolution steps

If you got the error x509: certificate signed by unknown authority when doing docker ps after successfully downloading the client bundle and importing environment variables.

Then open a new Powershell terminal in Administrator mode, navigate to the client bundle directory and import environment variables again with the command Import-Module .\env.ps1. It should then hopefully work.


This has been tested to work on Windows 10 with docker 18.06.0-ce as client engine and on Windows Server 2016 docker 17.06.2-ee-14 as client engine.