How to use Artifactory Docker registry with a self-signed certificate or a certificate issued by a private certificate authority?

How to use Artifactory Docker registry with a self-signed certificate or a certificate issued by a private certificate authority?
AuthorFullName__c
JFrog Support
articleNumber
000001542
ft:sourceType
Salesforce
FirstPublishedDate
2016-10-06T13:38:26Z
lastModifiedDate
2024-03-10T07:48:21Z
VersionNumber
6

When working with a private Docker registry in a testing environment or on a private
network, you might choose not to use certificates issued by a well-known certificate
authority (CA). Using this type of certificate will require additional configurations on your
Docker client. More information on how to do this is available HERE .
Failure to set this up will result in an error similar to the following:

FATA[0000] Error response from daemon: v1 ping attempt failed with error:
Get https://myregistrydomain.com:5000/v1/_ping: tls: oversized record received with
length 20527.


If your private Docker registry only supports unknown CA certificates using HTTP or HTTPS,
add –insecure-registry myregistrydomain.com:5000 to your daemon’s arguments.
In the case of HTTPS, if you have access to the registry’s CA certificate, simply place it in
/etc/docker/certs.d/myregistrydomain.com:5000/ca.crt.

Published: Oct. 6, 2016
Last updated: Feb. 3, 2021

Keywords: Docker registry, certificate, self-signed