Harbor: 关于HTTPS的配置问题

Created on 7 Jun 2017 · 10Comments · Source: goharbor/harbor

你好：
我在部署harbor的时候，配置了HTTPS并上传了相关的证书，出现了一个很奇怪的问题
我在使用浏览器访问harbor的时候是正常的，地址栏显示为安全连接
但是我在centos服务器上使用docker login命令登录的时候，却是报证书错误，日志如下：
docker login registry.xxxxxx.com
Username: admin
Password:
Error response from daemon: Get https://registry.niudingfeng.com/v1/users/: x509: certificate signed by unknown authority
我在网上查找了跟这个问题的解决方案如下：
把我使用在nginx上的证书的内容添加到服务器上的这个文件中：/etc/pki/tls/certs/ca-bundle.crt，依然没有解决问题！！

请问我现在需要怎么处理这个问题，谢谢！！！！

Source

aaron0428

Most helpful comment

if you are using a self-signed certificate, put the ca certificate into /etc/docker/certs.d/yourhost(replace this with your server's ip or fqdn)

sigsbee on 7 Jun 2017

👍5

All 10 comments

if you are using a self-signed certificate, put the ca certificate into /etc/docker/certs.d/yourhost(replace this with your server's ip or fqdn)

sigsbee on 7 Jun 2017

👍5

tree /etc/docker/certs.d/
/etc/docker/certs.d/
└── registry.xxxxxx.com
├── star_xxxxxx_com.cert
├── star_xxxxxx_com.crt
└── star_xxxxxx_com.key

还是一样解决不了问题

docker login registry.xxxxxx.com
Username: admin
Password:
Error response from daemon: Get https://registry.niudingfeng.com/v1/users/: x509: certificate signed by unknown authority

aaron0428 on 8 Jun 2017

Assume that you are using ip 10.1.1.1, then it should look like /etc/docker/certs.d/10.1.1.1/ca.crt

sigsbee on 8 Jun 2017

我猜测可能是证书的问题
我第一次使用的是购买的证书，已经通过网络认证的，但是使用了所有的配置方法，都解决不了整个认证失败的问题
我现在使用的是我自己创建的证书，用这个命令创建：openssl req -x509 -days 3650 -nodes -newkey rsa:2048 -keyout /data/harbor/cert/server.key -out /data/harbor/cert/server.crt
就可以正常使用

aaron0428 on 8 Jun 2017

@aaron0428 你用 fullchain 的证书试试

zhengyangfeng00 on 20 Oct 2017

@aaron0428 最后确定是证书的问题了吗？

congim on 9 Aug 2018

@aaron0428 输入CN的名字是什么，二级域名还是FQDN？

jacky1104 on 13 Aug 2018

try to restart your docker.service

john36711 on 26 Feb 2019

Did the 'let's encrypt' Certificate Authority is ok for harbor's certification? Otherwise, which certificate is sutiable, can i get an official recommendation?