The default values are unset and the docker cli defaults to using /var/run/docker.sock and/or systemd. However, from your comment to ldg, you have an app that requires these to be set, which would indicate that it wants you to configure TLS on your host for remote access. Here are the steps to configure the TLS keys: Setup CA # work in a secure folder mkdir docker-ca && chmod 700 docker-ca && cd docker-ca # generate a key pair for the CA openssl genrsa -aes256 -out ca-key.pem 2048 # setup CA certificate openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem # make sure to set CN Server certificate # generate a new host key pair openssl genrsa -out myserver-key.pem 2048 # generate certificate signing request (CSR) openssl req -subj "/CN=myserver" -new -key myserver-key.pem -out myserver.csr # setup extfile for ip's to allow echo "subjectAltName = IP:$myserver_ip, IP:127.0.0.1" >extfile.cnf # sign the key by the CA openssl x509 -req -days 365 -in myserver.csr -CA ca.pem -CAkey ca-key.pem \ -CAcreateserial -out myserver-cert.pem -extfile extfile.cnf # test server by updating service: /usr/bin/docker daemon -H fd:// -H tcp://0.0.0.0:2376 --tlsverify \ --tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/myserver-cert.pem \ --tlskey=/etc/docker/myserver-key.pem You'll need to update your OS startup script for Docker to have the above in it (-H unix:/var/run/docker.sock would be used in place of -H fd:// if you don't have systemd). Client certificate In ".docker" you can add: "ca.pem, key.pem, cert.pem" and then export DOCKER_TLS_VERIFY=1 # create a client key pair openssl genrsa -out client-key.pem 2048 # generate csr for client key openssl req -subj '/CN=client' -new -key client-key.pem -out client.csr # configure request to support client echo extendedKeyUsage = clientAuth >extfile.cnf # sign the client key with the CA openssl x509 -req -days 365 -in client.csr -CA ca.pem -CAkey ca-key.pem \ -CAcreateserial -out client-cert.pem -extfile extfile.cnf # test client with docker --tlsverify \ --tlscacert=ca.pem --tlscert=client-cert.pem --tlskey=client-key.pem \ -H=tcp://127.0.0.1:2376 info` Then DOCKER_CERT_PATH would be the folder with your certificates, e.g. /home/user/.docker. Share Improve this answer Follow answered Jul 22, 2016 at 20:59 BMitch's user avatar BMitch 243k4444 gold badges504504 silver badges468468 bronze badges I've set DOCKER_CERT_PATH to the directory where all the certificates exist . Have also set DOCKER_HOST, DOCKER_TLS_VERIFY values but still when I execute docker commands , the certificate is expected. Anything else I should verify ? I've also tried restarting docker-daemon and docker – explorer Mar 30, 2021 at 19:18 Add a comment 6 Use export DOCKER_TLS_VERIFY="1" export DOCKER_HOST="tcp://0.0.0.0:2376" export DOCKER_CERT_PATH="/etc/docker/server.pem" You can find out the values on your system using ps aux | grep "docker daemon" For instance, in my case I get root 25161 0.0 1.8 545784 38496 ? Ssl 07:11 0:00 /usr/bin/docker daemon -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock --storage-driver aufs --tlsverify --tlscacert /etc/docker/ca.pem --tlscert /etc/docker/server.pem --tlskey /etc/docker/server-key.pem --label provider=amazonec2 You may however have to use sudo to run docker sudo docker ps