Configure your Docker Engine

Estimated reading time: 2 minutes

By default Docker Engine uses TLS when pushing and pulling images to an image registry like Docker Trusted Registry.

If DTR is using the default configurations or was configured to use self-signed certificates, you need to configure your Docker Engine to trust DTR. Otherwise, when you try to log in, push to, or pull images from DTR, you’ll get an error:

$ docker login dtr.example.org

x509: certificate signed by unknown authority

The first step to make your Docker Engine trust the certificate authority used by DTR is to get the DTR CA certificate. Then you configure your operating system to trust that certificate.

Configure your host

macOS

In your browser navigate to https://<dtr-url>/ca to download the TLS certificate used by DTR. Then add that certificate to the macOS trust store.

Windows

In your browser navigate to https://<dtr-url>/ca to download the TLS certificate used by DTR. Then add that certificate to the Windows trust store.

Ubuntu/ Debian

# Download the DTR CA certificate
$ curl -k https://<dtr-domain-name>/ca -o /usr/local/share/ca-certificates/<dtr-domain-name>.crt
# Refresh the list of certificates to trust
$ sudo update-ca-certificates
# Restart the Docker daemon
$ sudo service docker restart

RHEL/ CentOS

# Download the DTR CA certificate
$ curl -k https://<dtr-domain-name>/ca -o /etc/pki/ca-trust/source/anchors/<dtr-domain-name>.crt
# Refresh the list of certificates to trust
$ sudo update-ca-trust
# Restart the Docker daemon
$ sudo /bin/systemctl restart docker.service

Boot2Docker

  1. Login into the virtual machine with ssh:

    docker-machine ssh <machine-name>
    
  2. Create the bootsync.sh file, and make it executable:

    sudo touch /var/lib/boot2docker/bootsync.sh
    sudo chmod 755 /var/lib/boot2docker/bootsync.sh
    
  3. Add the following content to the bootsync.sh file. You can use nano or vi for this.

    #!/bin/sh
    
    cat /var/lib/boot2docker/server.pem >> /etc/ssl/certs/ca-certificates.crt
    
  4. Add the DTR CA certificate to the server.pem file:

    curl -k https://<dtr-domain-name>/ca | sudo tee -a /var/lib/boot2docker/server.pem
    
  5. Run bootsync.sh and restart the Docker daemon:

    sudo /var/lib/boot2docker/bootsync.sh
    sudo /etc/init.d/docker restart
    

Login into DTR

To validate that your Docker daemon trusts DTR, trying authenticating against DTR.

docker login dtr.example.org

Where to go next

chat icon Feedback? Suggestions? Can't find something in the docs?
Edit this page Request docs changes Get support
Rate this page: