I’m new to this and am setting up a private registry on premises, using htpasswd authentication for now and our DigiCert wildcard cert.
In testing I was able to get a self-signed cert working, but for real use I don’t want to hassle our devs with the need to add the cert to every workstation. But after a day or two of flailing, I’m stuck at a point where “docker login” attempts always return an error “Error response from daemon: Get https://d-------.org/v2/: x509: certificate signed by unknown authority”
In a browser I can enter the URL for the registry (https://d----.org) and while I get a blank page, the browser shows the site as secure and I can see our cert information.
However, from the workstation (where docker login fails), curl https://d----.org returns:
“curl: (60) SSL certificate problem: unable to get local issuer certificate”
and wget https://d----.org returns:
ERROR: cannot verify d—.org’s certificate, issued by ‘/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA’:
Unable to locally verify the issuer’s authority.
The certs are on the vm and mounted to the container at /certs, with
passed to the container
What am I missing?
Hope to hear from you…
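
Added example, not part of the original post: the curl and wget errors quoted above mean the client could not find the issuer of the server's certificate in its local trust store. Assuming (the post does not confirm this) that the server presents only its leaf certificate without the intermediate CA certificate, this shell script reproduces that failure with a constructed throwaway chain and shows that sending the intermediate alongside the leaf makes verification pass. All names, subjects and files are constructed.

```shell
#!/bin/sh
# Constructed demo with throwaway keys: root CA -> intermediate CA -> leaf.
# The client trusts only the root, as a workstation trust store typically does.
set -eu

# Create a key and CSR for subject CN $2 under file prefix $1.
new_csr() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

build_chain() {  # $1 = working directory
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
  new_csr "$d/root" "Demo Root CA"
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/ca.ext" -out "$d/root.crt" 2>/dev/null
  new_csr "$d/int" "Demo Intermediate CA"
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/int.crt" 2>/dev/null
  new_csr "$d/leaf" "registry.example.test"
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/leaf.crt" 2>/dev/null
}

# Succeeds if leaf $2 verifies against trusted root $1, given the
# intermediates the server sends in optional file $3.
verify_as_sent() {
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  fi
}

demo_dir=$(mktemp -d)
build_chain "$demo_dir"
if verify_as_sent "$demo_dir/root.crt" "$demo_dir/leaf.crt"; then
  echo "leaf only: verified"
else
  echo "leaf only: rejected (issuer not found locally)"
fi
if verify_as_sent "$demo_dir/root.crt" "$demo_dir/leaf.crt" "$demo_dir/int.crt"; then
  echo "leaf + intermediate: verified"
else
  echo "leaf + intermediate: rejected"
fi
rm -rf "$demo_dir"
```

Against a live server, `openssl s_client -connect <host>:443 -showcerts` prints the certificates the server actually sends, which can be compared with the two cases here.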