I am struggling to set up a secure private registry on my local machine to use with Docker for Mac. My Mac runs Docker for Mac 18.06.1-ce-mac73 and the machine name is DE1-AL-025.
First I created a self-signed cert in /certs:
```
openssl req -newkey rsa:4096 -nodes -sha256 \
-subj /CN=\*.DE1-AL-025 \
-keyout /certs/DE1-AL-025.key -x509 -days 356 \
-out /certs/DE1-AL-025.cert
```
Next I made the certificate available on the client (my Mac):
```
cp /certs/DE1-AL-025.cert /etc/docker/certs.d/DE1-AL-025\:5000/ca.crt
```
Finally I start the registry using the self-signed certificate:
```
docker run -d -p 5000:5000 \
-v /certs:/certs \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/DE1-AL-025.cert \
-e REGISTRY_HTTP_TLS_KEY=/certs/DE1-AL-025.key \
--restart=always --name registry registry:2
```
When I try to push a sample image into the registry I get this error:
```
$ docker push DE1-AL-025:5000/busybox:latest
$ The push refers to repository [DE1-AL-025:5000/busybox]
$ Get https://DE1-AL-025:5000/v2/: x509: certificate signed by unknown authority
```
Is there anything I am missing? I also found some fine print under Creating the client certificates:
The version of OpenSSL in macOS is incompatible with the type of certificate Docker requires.
DE1-AL-025
to /etc/hosts/certs/DE1-AL-025.cert
with macOS keychain & trust it
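
A diagnostic sketch for the two independent checks a TLS client makes against a registry certificate, added here as an example and not part of the original post: whether the certificate chains to the CA file the client is given, and whether its name covers the registry hostname. The function names are hypothetical, and the certificates are throwaway ones constructed in a temp directory with the same `openssl req` form used in the question.

```shell
#!/bin/sh
# Added example; all function names are hypothetical helpers.

# make_cert DIR NAME CN: constructed throwaway self-signed cert (1 day).
make_cert() {
    openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=$3" \
        -keyout "$1/$2.key" -x509 -days 1 -out "$1/$2.cert" 2>/dev/null
}

# chain_trusted CERT CA: succeeds only if CERT verifies against CA.
# A failure here is the class of error reported as "unknown authority".
chain_trusted() {
    openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# hostname_matches CERT HOST: succeeds only if HOST is covered by the
# certificate's SAN entries (or its CN when no SAN is present).
hostname_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# diagnose CERT CA HOST: report both checks on one line.
diagnose() {
    t=no; h=no
    chain_trusted "$1" "$2" && t=yes
    hostname_matches "$1" "$3" && h=yes
    echo "trusted=$t host=$h"
}

demo() {
    d=$(mktemp -d) || return 1
    make_cert "$d" wild  '*.DE1-AL-025'   # CN form used in the question
    make_cert "$d" exact 'DE1-AL-025'     # CN equal to the registry host
    echo "wildcard CN, own CA:   $(diagnose "$d/wild.cert"  "$d/wild.cert" DE1-AL-025)"
    echo "exact CN, own CA:      $(diagnose "$d/exact.cert" "$d/exact.cert" DE1-AL-025)"
    echo "exact CN, other CA:    $(diagnose "$d/exact.cert" "$d/wild.cert" DE1-AL-025)"
    rm -rf "$d"
}

demo
```

To check a real setup, call `diagnose` with the certificate the registry serves, the CA file the client was given, and the hostname used in the image reference.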