Skip to main content

Docker Success Center

The Docker enterprise customer portal.

Docker, Inc.

I get "x509: certificate signed by unknown authority" error when I try to login to my DTR with default certificates

This error message means that you do not have a trusted certificate. You need to trust the default certificates generated during your Docker Trusted Registry (DTR) installation. 

You can do so by running these commands on the nodes from where you want to access your DTR (be sure to replace <my-dtr-domain> with your DTR Domain name.):

CentOS/RHEL

export DOMAIN_NAME=<my-dtr-domain>
openssl s_client -connect $DOMAIN_NAME:443 -showcerts </dev/null 2>/dev/null | openssl x509 -outform PEM | tee /etc/pki/ca-trust/source/anchors/$DOMAIN_NAME.crt
update-ca-trust
/bin/systemctl restart docker.service

Ubuntu

export DOMAIN_NAME=<my-dtr-domain>
openssl s_client -connect $DOMAIN_NAME:443 -showcerts </dev/null 2>/dev/null | openssl x509 -outform PEM | tee /usr/local/share/ca-certificates/$DOMAIN_NAME.crt
update-ca-certificates
service docker restart