"certificate signed by unknown authority" while trying to pull docker image from trusted registry

Question

I am trying to pull a docker image from a Docker Trusted Registry. I know the https certificate is invalid and want to bypass it for now because I am just testing something quick.

I'm on

$ cat /etc/issue
Debian GNU/Linux 8 \n \l

and start docker by sudo service docker restart

I've added the line below to /etc/init.d/docker and have restarted docker after making the change but it isn't helping.

DOCKER_OPTS="--insecure-registry ipaddress.compute-1.amazonaws.com"

I keep seeing this error while trying to pull

Error response from daemon: Get https://ipaddress.compute-1.amazonaws.com/v1/_ping: x509: certificate signed by unknown authority

My docker version is Docker version 1.12.1, build 23cf638

Answer 1

Or you can also add the certificate of the remote docker registry to /etc/docker/certs.d/<docker registry>/registry.crt on your host system and you should be fine. This should work without a restart of the docker daemon.

Answer 2

If your registry is trusted, then you must have certifications. Add --insecure-registry can not help you bypass the certification validation.

If you can bypass a certification validation simply by adding a parameter to Docker daemon configuration, then the trusted registry is meaningless :)