How to use Artifactory Docker registry with a self-signed certificate or a certificate issued by a private certificate authority?

JFrog Support
2016-10-06 13:38

In test environment or a private network, you may choose not to use a certificate issued by a well-known certificate authority for a private Docker registry with Artifactory. Docker client operation with such certificate requires additional configuration, and you can make the configuration by using the insecure flag or manually trusting the certificate. Please visit this link for more details on how to do this.

Failure to set this up will result in error similar to below:

FATA[0000] Error response from daemon: v1 ping attempt failed with error:

Get tls: oversized record received with length 20527. 

If this private registry supports only HTTP or HTTPS with an unknown CA certificate,please add 

`–insecure-registry` to the daemon's arguments.

In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag;

simply place the CA certificate at /etc/docker/certs.d/