How To: use an insecure registry with Docker and OS X

The Docker Toolbox assumes SSL (https) to connect to a registry. However, if the certificate is signed by an unknown authority it will fail with this error: certificate signed by unknown authority. Putting my company’s internal certs in the cert store that Docker uses should fix this, however, many attempts to do so were unsuccessful. There just isn’t any clear documentation on how to do this for OS X (El Capitan v10.11.2) that I could find.

As a workaround you can specify that Docker should use an insecure registry with a flag. In an earlier version of Docker where Boot2Docker was used, I ended up finding I could run the following command to use an insecure registry (yes, I know this is dangerous but it’s an internal registry and not accessible to the outside world).

boot2docker ssh "echo $'EXTRA_ARGS=\"--insecure-registry myinternaldockerregistry.org\"' | sudo tee -a /var/lib/boot2docker/profile && sudo /etc/init.d/docker restart"

With updates to Docker for OS X this no longer worked. Again I couldn’t find any clear documentation on how to get certs to work with docker nor how to use an insecure registry. Finally I figured out that this works:

docker-machine ssh default "echo $'EXTRA_ARGS=\"--insecure-registry myinternaldockerregistry.org\"' | sudo tee -a /var/lib/boot2docker/profile && sudo /etc/init.d/docker restart"

Hope this helps someone else. If anyone knows how to get Docker to recognize internal certs please do share.

One Reply to “How To: use an insecure registry with Docker and OS X”

Leave a Reply

Your email address will not be published. Required fields are marked *