Re: How to handle certificates for remote registry correctly #security


daojunz
 

See the Harbor FAQ:

https://github.com/goharbor/harbor/wiki/Harbor-FAQs

 

You could add a CA cert:

 

  1. How to add a CA cert for the LDAP server or other Harbor server?

[A] After installing Harbor, there is a directory under common/config/shared/trust-certificates. Copy the LDAP certificate, for example ldap_ca.crt, to this directory and restart Harbor. The certificate is added to the trust store of the core container, and then you can enable “Verify Cert” in the LDAP configuration.

 

 

Best regards,

Stone (张道军)

Software Engineer, CNA, VMware R&D

 

-- 

 

 

From: <harbor-users@...> on behalf of "Dany via lists.cncf.io" <daniel.peigne=nokia.com@...>
Reply-To: "harbor-users@..." <harbor-users@...>
Date: Friday, November 19, 2021 at 12:00 AM
To: "harbor-users@..." <harbor-users@...>
Subject: Re: [harbor-users] How to handle certificates for remote registry correctly #security

 

Hi,
I have posted a similar post, but not exactly the same question.

My understanding is that when you create a registry endpoint, Harbor tries to check the remote certificate, so in your case the Docker registry.
The online help states that the verify remote cert flag should be unchecked when the remote registry is using a self-signed cert, so it might be normal that the connection test is failing.

In my case, I wanted to know if I need to configure Harbor with the CA cert of the remote registry, and how.
Can you elaborate on what you did on your Harbor host?
