containers-certs.d - Man Page
Directory for storing custom container-registry TLS configurations
Description
A custom TLS configuration for a container registry can be configured by creating a directory under $HOME/.config/containers/certs.d or /etc/containers/certs.d. The name of the directory must correspond to the host:port of the registry (e.g., my-registry.com:5000).
Directory Structure
A certs directory can contain one or more files with the following extensions:
- *.crt files with this extensions will be interpreted as CA certificates
- *.cert files with this extensions will be interpreted as client certificates
- *.key files with this extensions will be interpreted as client keys
Note that the client certificate-key pair will be selected by the file name (e.g., client.{cert,key}). An exemplary setup for a registry running at my-registry.com:5000 may look as follows:
/etc/containers/certs.d/ <- Certificate directory └── my-registry.com:5000 <- Hostname:port ├── client.cert <- Client certificate ├── client.key <- Client key └── ca.crt <- Certificate authority that signed the registry certificate
History
Feb 2019, Originally compiled by Valentin Rothberg rothberg@redhat.com ⟨mailto:rothberg@redhat.com⟩
Referenced By
containers-registries.conf(5), podman-build(1), podman-container-runlabel(1), podman-farm-build(1), podman-image-sign(1), podman-kube-down(1), podman-kube-play(1), podman-login(1), podman-manifest-add(1), podman-manifest-push(1), podman-pull(1), podman-push(1), podman-search(1), skopeo-login(1).