Using certificates for repository client verification (Engine)

In Running Docker with HTTPS, you learned that, by default, Docker runs via a non-networked Unix socket and that TLS must be enabled for the Docker client and the daemon to communicate securely over HTTPS. TLS ensures the authenticity of the registry endpoint and that traffic to and from the registry is encrypted.

This article demonstrates how to ensure that traffic between the Docker registry (i.e., a server) and the Docker daemon (i.e., a client) is encrypted and properly authenticated using certificate-based client-server authentication.

We will show you how to install a Certificate Authority (CA) root certificate for the registry and how to set the client TLS certificate for verification.

Understanding the