DrEdWilliams: Created page with "While it is possible to tell docker to ignore the fact that a registry is using self-signed certificates, it is just as easy to put the certificates in a place on the client s..."

2019-12-31T19:48:13Z

Created page with "While it is possible to tell docker to ignore the fact that a registry is using self-signed certificates, it is just as easy to put the certificates in a place on the client s..."

New page

While it is possible to tell docker to ignore the fact that a registry is using self-signed certificates, it is just as easy to put the certificates in a place on the client system where docker can use them to authenticate the server as it likes to do. Assuming that the registry's self-signed certificates were created as described [[Creating a Self-Signed Certificate|here]], you have the certificate in a files called ''cert.pem'' and the key in a file called ''key.pem''. The <hostname> used in the commands below must match '''''EXACTLY''''' the hostname provided when creating the keys.

Docker allows local certificates to be placed in a directory on the client called ''/etc/docker/certs.d''. The contents of this directory are a set of subdirectories -- one for each system to be authenticated -- that contain the cert/key files for that system. Using the certificate created above, issue these commands:

sudo mkdir -p /etc/docker/certs.d/<hostname>
sudo cp cert.pem /etc/docker/certs.d/<hostname>/domain.crt
sudo cp cert.pem /etc/docker/certs.d/<hostname>/ca.crt
sudo cp key.pem /etc/docker/certs.d/<hostname>/domain.key

This must be done on any system that will be accessing the registry. Alternatively, the entire <hostname> subdirectly can be copied to the other systems using scp:

sudo scp -r /etc/docker/certs.d/<hostname> <client-hostname>:/etc/docker/certs.d

Docker and Self-Signed Certificates - Revision history

DrEdWilliams: Created page with "While it is possible to tell docker to ignore the fact that a registry is using self-signed certificates, it is just as easy to put the certificates in a place on the client s..."