Doc: Adding A Self Signed Registry Cert In Docker For Mac


TL;DR: When running your own registry, how do you debug connection issues?

Too Long: I'm new to Docker. I've containerized a few services at my company and am really enjoying Docker. I've gotten to the point where it makes sense to host our own registry.


It seems pretty straight-forward, however I am having problems.

    -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/wildcard2015.crt

This certificate should contain the intermediate and server certificates concatenated together as a bundle. The mention: 'You then configure the registry to use your certificate bundle by providing the REGISTRY_HTTP_TLS_CERTIFICATE environment variable.'


I believe this should be the server certificate on top and any intermediates (in correct order) after. The problem is that your Docker engines are not able to verify the complete chain of trust, as they should have the CA certificates installed from the OS but they likely do not have the intermediate certificates, and the certificate you specified should have the public server certificate. Once it works, you should be able to use curl to verify that the complete chain works as expected, returning an HTTP code of 200 similar to this:

    $ curl -I
    HTTP/1.1 200 OK
    Content-Length: 2
    Content-Type: application/json; charset=utf-8
    Docker-Distribution-Api-Version: registry/2.0
    Date: Mon, 03 Aug 2015 23:29:29 GMT

To answer my own question: I had to copy the signing authority's intermediate cert to /etc/docker/certs.d/machine.domain.com:5000/ca.crt as the docs say for 'option 3' here: This is not a self-signed certificate and it shows as valid when viewed through a web browser from several machines. I guess that isn't a valid test.

I used a different test (using curl; see below) to show that - indeed - the cert needed to be copied locally. I don't know why this is happening but at least I can proceed. To check connection with curl:

    curl

If it fails with a certificate error, you can specify your ca.crt like this:

    curl --cacert /tmp/intermediatesha256.crt

Then if it works, you know what needs to be done. Thanks for the help.
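
The chain checks discussed in the posts above, as an added example that is not part of the original thread: it builds a constructed root, intermediate and server chain with the openssl CLI and shows which served bundle and which client trust file verify. All names, file paths and helper functions are assumptions made for the demo.

```shell
# Added example; every name and file below is constructed for the demo.
# Assumes the openssl CLI (1.1.1 or later) is installed.

# Build a throwaway root -> intermediate -> server chain in directory $1.
make_chain() (
  d=$1
  printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' >"$d/o.cnf"
  for n in root inter server; do
    openssl genrsa -out "$d/$n.key" 2048 2>/dev/null
    openssl req -new -config "$d/o.cnf" -key "$d/$n.key" \
      -subj "/CN=$n.example.test" -out "$d/$n.csr"
  done
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/o.cnf" -extensions ca -out "$d/root.crt" 2>/dev/null
  openssl x509 -req -in "$d/inter.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/o.cnf" -extensions ca \
    -out "$d/inter.crt" 2>/dev/null
  openssl x509 -req -in "$d/server.csr" -CA "$d/inter.crt" -CAkey "$d/inter.key" \
    -CAcreateserial -days 2 -out "$d/server.crt" 2>/dev/null
  # The file REGISTRY_HTTP_TLS_CERTIFICATE should name: leaf first, then intermediate.
  cat "$d/server.crt" "$d/inter.crt" >"$d/bundle.crt"
)

# chain_ok TRUST SERVED [verify flags]: does a client whose trust file is TRUST
# accept what the server presents in SERVED? openssl verify checks only the
# first cert in SERVED; -untrusted offers the rest as chain-building material.
chain_ok() {
  trust=$1; served=$2; shift 2
  openssl verify "$@" -CAfile "$trust" -untrusted "$served" "$served" >/dev/null 2>&1
}

# The first certificate in a served bundle must be the server cert, not a CA.
leaf_first() {
  ! openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

demo() {
  d=$(mktemp -d) && make_chain "$d" || return 1
  chain_ok "$d/root.crt" "$d/server.crt" && echo "leaf only, root trusted: OK" || echo "leaf only, root trusted: FAIL"
  chain_ok "$d/root.crt" "$d/bundle.crt" && echo "bundle, root trusted: OK" || echo "bundle, root trusted: FAIL"
  # Assumption: -partial_chain (a non-self-signed cert may be the trust anchor)
  # stands in for a client that was handed the intermediate as its ca.crt.
  chain_ok "$d/inter.crt" "$d/server.crt" -partial_chain && echo "leaf only, intermediate trusted: OK"
  leaf_first "$d/bundle.crt" && echo "bundle order: leaf first"
  rm -rf "$d"
}
demo
```

A bundle with the intermediate placed first still passes `chain_ok`, because openssl then validates the intermediate itself, which is why `leaf_first` is a separate check.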
