Docker behind proxy that changes ssl certificate

Posted 2020-02-08 07:41

I am trying to run the following docker command:

docker run -i -t ubuntu /bin/bash

But I get the error:

Unable to find image 'ubuntu' (tag: latest) locally

Pulling repository ubuntu
2013/11/28 14:00:24 Get https://index.docker.io/v1/images/ubuntu/ancestry: x509: certificate signed by unknown authority

I know that our company replaces the SSL Certificate on the fly for https requests.

I tried to trust our company's CA certificate by putting it in:

 /etc/pki/tls/certs/ca-bundle.crt

and

/etc/pki/tls/cert.pem

But it is still not working.

Any ideas?

3 answers
太酷不给撩
Post #2 · 2020-02-08 08:16

According to http://golang.org/src/pkg/crypto/x509/root_unix.go, you should append your certificate to one of the following:

  • /etc/ssl/certs/ca-certificates.crt
  • /etc/pki/tls/certs/ca-bundle.crt
  • /etc/ssl/ca-bundle.pem
  • /etc/ssl/cert.pem
  • /usr/local/share/certs/ca-root-nss.crt

Find the one that exists on your system, and append your certificate to it.

(And be ready to do it again when you upgrade the package containing that file...)

I hope there is a better method, but this is the only one I found so far :-)

萌系小妹纸
Post #3 · 2020-02-08 08:30

@jpetazzo's answer is overall correct; however, there is a nicer way to do the same thing (without manually editing a ca-bundle file):

  • on CentOS:

    sudo cp yourcert.crt /etc/pki/ca-trust/source/anchors/
    sudo update-ca-trust extract
    sudo service docker restart
    
  • on Debian:

    sudo cp yourcert.crt /usr/local/share/ca-certificates/
    sudo update-ca-certificates
    sudo service docker restart
    

Note that restarting docker daemon is necessary!

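Both of the answers above come down to the same check inside the docker daemon, which is written in Go and verifies the registry's certificate against a pool of roots read from one of the bundle files listed in the first answer (the trust-store tooling in the second answer just regenerates that file). The following program is an added example, not code from the original answers, from Docker or from Go's standard library: it generates a throwaway CA standing in for the interception proxy's root, has it issue a leaf certificate for index.docker.io the way such a proxy does on the fly, and shows that verification fails with x509.UnknownAuthorityError until that CA is in the bundle handed to the pool. The function names (makeChain, verifyAgainstBundle, isUnknownAuthority) and the CA subject are this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// makeChain builds a throwaway CA standing in for the interception proxy's root
// and has it sign a server certificate for host, as the proxy does on the fly for
// every HTTPS site. Both certificates are constructed for this example only.
func makeChain(host string) (caPEM, leafPEM []byte, err error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Corp Intercepting Proxy CA"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	ca, err := x509.ParseCertificate(caDER)
	if err != nil {
		return nil, nil, err
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, ca, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: caDER}),
		pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: leafDER}), nil
}

// verifyAgainstBundle is the check the daemon's TLS client performs: does the
// presented server certificate chain to a root contained in bundlePEM (the
// contents of ca-bundle.crt / ca-certificates.crt) and match the host name?
func verifyAgainstBundle(leafPEM, bundlePEM []byte, host string) error {
	block, _ := pem.Decode(leafPEM)
	if block == nil {
		return errors.New("no PEM certificate found")
	}
	leaf, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return err
	}
	roots := x509.NewCertPool()
	roots.AppendCertsFromPEM(bundlePEM) // an empty or unrelated bundle adds no usable root
	_, err = leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

// isUnknownAuthority reports whether err is the exact failure from the question.
func isUnknownAuthority(err error) bool {
	var ua x509.UnknownAuthorityError
	return errors.As(err, &ua)
}

func main() {
	caPEM, leafPEM, err := makeChain("index.docker.io")
	if err != nil {
		panic(err)
	}
	// Before the proxy CA is in the bundle: "x509: certificate signed by unknown authority".
	fmt.Println("without proxy CA:", verifyAgainstBundle(leafPEM, nil, "index.docker.io"))
	// After appending it (what update-ca-trust / update-ca-certificates do): no error.
	fmt.Println("with proxy CA:   ", verifyAgainstBundle(leafPEM, caPEM, "index.docker.io"))
}
```

Two things worth keeping in mind follow directly from this. A root loaded from the bundle is trusted for every host name that CA chooses to sign, so once the proxy CA is in the file, the interception appliance can impersonate any site to the daemon; the bundle file therefore deserves the same integrity protection as the docker binary itself. And Go programs read the system bundle once per process, which is why both answers end with restarting the daemon: appending the certificate changes nothing for the daemon already running.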
来,给爷笑一个
Post #4 · 2020-02-08 08:31

To configure docker to work with a proxy system, you first need to add the HTTPS_PROXY / HTTP_PROXY environment variables to the docker sysconfig file. However, depending on whether you use init.d or the services tool, you need to add the "export" statement. As a workaround you can simply add both variants to the sysconfig file of docker:

/etc/sysconfig/docker

HTTPS_PROXY="https://<user>:<password>@<proxy-host>:<proxy-port>"
HTTP_PROXY="https://<user>:<password>@<proxy-host>:<proxy-port>"
export HTTP_PROXY="https://<user>:<password>@<proxy-host>:<proxy-port>"
export HTTPS_PROXY="https://<user>:<password>@<proxy-host>:<proxy-port>"

To get docker working with ssl intercepting proxies you have to add the proxy root certificate to the systems trust store.

For CentOS, copy the file to /etc/pki/ca-trust/source/anchors/ and update the CA trust store. Restart the docker service afterwards. If your proxy uses NTLM authentication, it is necessary to use an intermediate proxy like cntlm. This blog post explains it in detail.
