Docker Community Forums

Share and learn in the Docker community.

Private docker registry with self signed certificate

insecure-registry
docker

(Eslam ElHusseiny) #1

Expected behavior

Being able to pull / push to a private docker registry with a self-signed certificate once you configure your docker machine with the self-signed certificate

Actual behavior

Error response from daemon: Get https://docker-registry.example.in/v1/_ping: net/http: TLS handshake timeout

Information

  • the output of:
    • pinata diagnose -u on OSX
      OS X: version 10.11.4 (build: 15E65)
      Docker.app: version v1.11.0-beta7
      Running diagnostic tests:
      [OK] docker-cli
      [OK] Moby booted
      [OK] driver.amd64-linux
      [OK] vmnetd
      [OK] osxfs
      [OK] db
      [OK] slirp
      [OK] menubar
      [OK] environment
      [OK] Docker
      [OK] VT-x
      Docker logs are being collected into /tmp/20160419-131000.tar.gz
      Most specific failure is: No error was detected
      Your unique id is: 503F5003-1BB0-46C1-9846-6C1E34644D3A
      Please quote this in all correspondence.
    • DockerDebugInfo.ps1 using Powershell on Windows
      N/A
  • a reproducible case if this is a bug, Dockerfiles FTW
    N/A
  • page URL if this is a docs issue or the name of a man page
    N/A
  • host distribution and version ( OSX 10.10.x, OSX 10.11.x, Windows, etc )
    OSX 10.11.4

Steps to reproduce the behavior

Try to pull / push to a private registry with a self-signed certificate

My question is how to add the self-singed certificate to the new docker for mac , in docker-machine I used to ssh the machine and add the certificate in the right place


Adding (self signed) certificates
(Frenchben) #2

Hi @eslam,
Please see the pinned forum post for a possible solution:


(Eslam ElHusseiny) #3

Hi @frenchben,
my private docker registry isn’t insecure, it just runs with a self-signed certificate


(Tobias Gesellchen) #4

Hey @eslam,

please give this one a try: Adding (self signed) certificates

I didn’t have any success, yet, but I hope it’s only due to a wrong CN.