Pivotal Container Service (PKS): v1.0.0-build.3
VMware Harbor Registry: v1.4.1-build.1
Harbor Authentication Mode: UAA in Pivotal Container Service
When using docker client CLI to log on to the VMware Harbor Registry's correct FQDN Hostname:
Example: $ docker login myharbor.domain.com
It fails with error:
Error response from daemon:
Get https://myharbor.domain.com/v2/: x509: certificate signed by unknown authority.
Your local client does not have the certificate in its keychain and/or the docker server/client is not using it.
Follow the steps to resolve this issue:
Step 1: Locate your certificate for your VMware Harbor Registry from Operations Manager:
- Browse to the Ops Manager Dashboard. Click on the tile for VMware Harbor Registry.
- From the Settings tab, click on Certificate. Copy your certificate from the panel.
- Create a cert.pem file with the contents copied from above. Simply create this cert.pem file through a copy/paste of the CERTIFICATE copied.
The end result should be that your cert.pem file:
Starts with the following line:
And ends with the following line:
Step 2: Then add that cert.pem to your Operating System's trust store
MAC OPTION (For Mac OS X only): If using both Docker App and the docker CLI on Mac OS X, you can add it to the keychain from the terminal:
$ security add-trusted-cert -d -r trustRoot -k ~/Library/Keychains/login.keychain ./cert.pem
MAC OPTION (Continued): Then Quit and restart your local Docker App
Step 3: Now you retry logging in to VMware Harbor Registry:
$ docker login myharbor.domain.com