How to handle certificates for remote registry correctly #security
I want to configure a replication between harbor and a docker registry.
The docker registry is secured by self-signed certificates, which I copied to /etc/docker/certs.d/dockerregistry.mydomain/ (.cert , .crt files) on the harbor host. But when I configure the registry in harbor with verify remote cert, the failure "failed to ping endpoint" occurs. What is missing or what am I doing wrong? (I am using v2.0.1 and of course did a docker-compose down and up already)

stephankaps80@...
maybe this is kind of the thing https://github.com/goharbor/harbor/issues/7176
but first of all it would be good to know, what needs to be done to make the "verify remote cert" work

Dany
Hi,
I have posted a similar post but not exactly the same question. My understanding is that when you create a registry endpoint, Harbor tries to check the remote certificate, so in your case the docker registry. The help online states that the verify remote cert flag should be unchecked when the remote registry is using a self-signed cert, so it might be normal that the connection test is failing. In my case, I wanted to know if I need to configure the harbor with the CA cert of the remote registry and how; can you elaborate on what you did on your harbor host?

daojunz
See Harbor faq: https://github.com/goharbor/harbor/wiki/Harbor-FAQs
You could add a CA cert:
[A] After installing Harbor, there is a directory under common/config/shared/trust-certificates. Copy the LDAP certificate, for example ldap_ca.crt, to this directory and restart Harbor. The certificate is added to the trust store of the core container, and then you could enable “Verify Cert” in the LDAP configuration.
Best regards, Stone (张道军) Software Engineer, CNA, VMware R&D
--
From: <harbor-users@...> on behalf of "Dany via lists.cncf.io" <daniel.peigne=nokia.com@...>
Hi,