Skip to main content

Docker Success Center

The Docker enterprise customer portal.

Docker, Inc.

How do I use an external TLS certificate for UCP?

This explains how to use an external certificate with UCP 1.1:

or on UCP 2.0:

To summarize:

  1. First, install DTR using --dtr-external-url to specify the load-balancer/Public Address for DTR.
  2. Then, after you install DTR following the DTR installation documentation, using that load balancer IP address to go to the WebUI.
  3. Go to Settings -> Domain and change your Load Balancer/Public Address to the hostname ( e.g. and replace items in Show TLS settings with your certificates.

To describe what goes where:

  1. TLS Certificate: Certificate issued by a Certificate Authority. If there are any intermediate certificates, they should be included here in the correct order. You can generate your own certificates for Trusted Registry using a public service or your enterprise's infrastructure.

  2. TLS private key: The key you used to generate your request for a TLS Certificate.

  3. TLS CA: The CA authority used to create your TLS certificate (root CA).