Include configuration explanation for intermediate TLS certificates
Intermediate certificates are issued by TLS providers who themselves are an intermediate of a certificate in the trust store. Therefore, to prove the chain of trust is valid, you need to include their certificate as well as yours when you send your certificate to the client.

Contrary to what I said in issue #683, distribution can handle these certificate bundles like nginx.

As discussed in #docker-distribution, I have updated the deployment documentation (which recommends the use of a TLS certificate from a provider) to include instructions on how to handle the intermediate certificate when a user is configuring distribution.

Signed-off-by: Luke Carpenter <x@rubynerd.net>
parent bdcae0597f
commit 58e5c619ac
1 changed files with 2 additions and 0 deletions
|
@ -89,6 +89,8 @@ docker run -d -p 5000:5000 \
|
||||||
registry:2
|
registry:2
|
||||||
```
|
```
|
||||||
|
|
||||||
|
If the certificate issuer supplies you with an 'intermediate' certificate, such as Gandi, you need to combine your certificate with the intermediates to form a 'certificate bundle'. You can do this using the cat command: ```cat server.crt GandiStandardSSLCA2.pem > server.with-intermediate.crt```. You can then configure the registry to use your certificate bundle with the ```REGISTRY_HTTP_TLS_CERTIFICATE``` environment variable.
|
||||||
|
|
||||||
**Pros:**
|
**Pros:**
|
||||||
|
|
||||||
- best solution
|
- best solution
|
||||||
|
|
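Review bot: The added paragraph does not say that the order of the files in `cat server.crt GandiStandardSSLCA2.pem > server.with-intermediate.crt` matters: the server (leaf) certificate has to come first and the intermediates after it, because the first certificate in the bundle is the one matched against the private key. Stating that explicitly would stop readers from concatenating in the reverse order and getting a key mismatch or a broken chain at the client. Two smaller points on the same line: "such as Gandi" currently attaches to "certificate" rather than to "issuer", so consider "If the certificate issuer (Gandi, for example) supplies an intermediate certificate ...", and note that `GandiStandardSSLCA2.pem` is a provider-specific file name that readers must replace with whatever their own issuer ships. The inline commands are wrapped in triple backticks inside a sentence; single backticks are the usual form for inline code, or the `cat` command could go in its own fenced block like the `docker run` example above it. It would also help to say that `REGISTRY_HTTP_TLS_CERTIFICATE` has to point at the bundle path as seen inside the container, and to suggest checking the served chain from a client after the change.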