1

There's a Docker registry running on my company's internal network at, say, registry.com. I know that the registry is legit but when I run

docker login registry.com

it complains that the certificate is signed by an unknown authority.

Is there a way, from the command line, to download/construct the .crt file for the authority so that I can add it to /usr/local/share/ca-certificates and run update-ca-certificates?

I know I could add registry.com to "insecure-registries" in /etc/docker/daemon.json but I'd like a more general solution that isn't Docker-specific.

Daniel Walker
  • 801
  • 1
  • 9
  • 35

1 Answers1

1

You can use for example, curl but personally I find openssl easier to use. So here is an example on how to use openssl to achieve it.

openssl s_client -showcerts -servername registry.com -connect registry.com:443 </dev/null

The </dev/null part is just so we get our terminal back.

Valentin Bajrami
  • 9,344