Allow verify a self signed CA

Question

Allow verify a self signed CA

falon opened this issue a year ago · 3 comments

I have installed a registry with a self signed CA.
In order to trust my CA authority I added my CA certificate to /usr/local/share/ca-certificates by volume. But this is not sufficient. It seems I have to add it in /etc/ssl/certs/ca-certificates.crt too.

A procedure to add CA certificate in registry-ui would be appreciated.

Answer 1 · 2024-01-03T11:30:56.000Z

When you add a cert to /usr/local/share/ca-certificates you need to run update-ca-certificates inside of the container which is impossible unless you build an image by yourself.

The easiest way is to mount your CA cert to the container into /etc/ssl/certs/ca-certificates.crt.

Answer 2 · 2024-01-03T15:39:54.000Z

The easiest way is to mount your CA cert to the container into /etc/ssl/certs/ca-certificates.crt.

Yes, as it's written in the README. Not very elegant, I overwrite all other certificates... but it works!
Thank you!

Answer 3 · 2024-01-03T15:45:51.000Z

It's okay to overwrite all other certs in this case because the registry ui is not connecting anywhere else but your own registry.