docker login CA认证问题/添加自签发的 SSL 证书为受信任的根证书


[root@centos-master root]# docker login -u admin -p admin -e [email protected] https://zq.reg32.com/v2/
FATA[0000] Error response from daemon: invalid registry endpoint https://zq.reg32.com/v2/: Get https://zq.reg32.com/v2/:x509: certificate signed by unknown authority. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry zq.reg32.com` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/zq.reg32.com/ca.crt 


安装ca-certificates包

$ yum install ca-certificates


#使能动态CA配置功能
$ update-ca-trust force-enable 

$ cp /etc/ssl/demoCA/certs/cacert.pem  /etc/pki/ca-trust/source/anchors/


#使新拷贝的证书生效

$ update-ca-trust extract


#证书拷贝后,需要重启docker以保证docker能使用新的证书

$ service docker restart


[root@centos-master root]# docker login -u admin -p admin -e [email protected] https://zq.reg32.com/v2/
WARNING: login credentials saved in /root/.dockercfg.

Login Succeeded



1.openssl生成CA自签证书

2.要想将CA作为私有CA使用,则还需要在/etc/pki/tls/openssl.cnf文件中修改默认路径

3.创建一个ssl目录

4.在ssl目录下生成一个私钥以及证书颁发请求。

5.签署证书(CA服务器上)

你可能感兴趣的:(docker login CA认证问题/添加自签发的 SSL 证书为受信任的根证书)