Docker Desktop for Windows with Linux Containers and TLS

TL/DR: Is it possible to use Docker on Windows, with Linux containers, and with TLS enabled?

Observation 1:

When I use Docker on Windows 10 (Docker Desktop, and engine 19.03.5) I can happily use Linux containers.

Observation 2:

Using the same environment as observation 1 above, if I want to expose the docker daemon on TCP with TLS, I can use openssl to set up the CA, and all the certs I need – again, no problem. Just to clarify, this is all happening on localhost – only the one host PC is involved.

My Docker Engine config file (Docker Desktop > Settings > Docker Engine) ends up looking like this:

  "registry-mirrors": [],
  "insecure-registries": [],
  "debug": true,
  "experimental": false,
  "tlsverify": true,
  "tlscacert": "C:/dockercerts/ca.pem",
  "tlscert": "C:/dockercerts/server-cert.pem",
  "tlskey": "C:/dockercerts/server-key.pem",
  "hosts": [

And, the following docker version command works like a charm for me:

docker --tlsverify ^
  --tlscacert=C:/dockercerts/ca.pem ^
  --tlscert=C:/dockercerts/cert.pem ^
  --tlskey=C:/dockercerts/key.pem ^
  -H=localhost:2376 version

Observation 3:

But to make the docker version command in observation 2 work, I have to switch Docker Desktop from “Linux Containers” to “Windows Containers”.

(I have no use for Windows containers.)

If I try to switch Docker Desktop to use Linux containers, then Docker Desktop crashes on start-up (or on restart). I even had to re-install the whole thing a couple of times – I could not get to the “reset to factory options” button.


I was trying to use the Docker API (the REST services) over HTTPS rather than HTTP – so that’s what prompted all of this – in case that helps.

Likely Conclusion…?:

It’s not possible to mix these specific things on Windows – and I should use a Linux host for my Linux containers.

However, I’d be delighted to see a set-up where I can run that docker version command on Windows, using my certificates, and Linux containers – all at the same time.

Failing that, if anyone has any insight into why it’s not possible (“blah blah windows pipes blah…“) or something like that, I would be very interested.

(I do see a fairly large number of Docker and TLS questions on SO – but nothing specific to this scenario.)

Source: StackOverflow