Docker Community Forums

Share and learn in the Docker community.

How to disable certificate validation when access an HTTPS registry

From https://docs.docker.com/registry/insecure/

With insecure registries enabled, Docker goes through the following steps:

* First, try using HTTPS.
  * If HTTPS is available but the certificate is invalid, ignore the error about the certificate.
  * If HTTPS is not available, fall back to HTTP.

However, when I add an IP address into “insecure-registries” and access the registry by this IP, it seems that it use HTTP directly and got the error:
(env) ➜ .docker docker pull 10.10.10.10/project1/service1:v1
Error response from daemon: Get http://10.10.10.10/v2/: net/http: request canceled (Client.Timeout exceeded while awaiting headers)

Here’s the code that I ended up using.

// Create a trust manager that does not validate certificate chains
TrustManager trustAllCerts = new TrustManager{new X509TrustManager(){
public X509Certificate getAcceptedIssuers(){return null;}
public void checkClientTrusted(X509Certificate certs, String authType){}
public void checkServerTrusted(X509Certificate certs, String authType){}
}};

// Install the all-trusting trust manager
try {
SSLContext sc = SSLContext.getInstance(“TLS”);
sc.init(null, trustAllCerts, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
;
}