mirror of https://github.com/docker/docs.git
Add alias for Notary cert directory (#3889)
parent a0cb9b2947
commit 643b817b7b
|
@ -200,42 +200,15 @@ environment.
|
|||
The sample private key files in the Notary repository are obviously public knowledge
|
||||
and using them in a production deployment is highly insecure.
|
||||
|
||||
### Certificates on CentOS
|
||||
### Certificate directory
|
||||
|
||||
For CentOS 6 and CentOS 7, use the following steps to add trusted root
|
||||
certificates.
|
||||
|
||||
1. Install the `ca-certificates` package:
|
||||
|
||||
```bash
|
||||
$ yum install ca-certificates
|
||||
```
|
||||
|
||||
2. Use the `update-ca-trust` command with the `force-enable` option
|
||||
to enable dynamic CA configuration:
|
||||
|
||||
```bash
|
||||
$ update-ca-trust force-enable
|
||||
```
|
||||
|
||||
3. Copy the certificate to the `/etc/pki/ca-trust/source/anchors/` directory:
|
||||
|
||||
```bash
|
||||
$ cp your-cert.crt /etc/pki/ca-trust/source/anchors/`
|
||||
```
|
||||
|
||||
4. Use the `update-ca-trust` command to produce updated versions of the
|
||||
consolidated configuration files:
|
||||
|
||||
```bash
|
||||
$ update-ca-trust extract
|
||||
```
|
||||
|
||||
For CentOS 5, just add your certificate to the bundle. Append your trusted
|
||||
certificate to the bundle file at `/etc/pki/tls/certs/ca-bundle.crt`:
|
||||
Notary is a user/client-based system, and it searches for certificates in the
|
||||
user's home directory, at `~/.docker/trust`. To streamline using Notary from
|
||||
the command line, create an alias that maps the user's `trust` directory to
|
||||
the the system's `ca-certificates` directory.
|
||||
|
||||
```bash
|
||||
$ cat your-cert.crt >> /etc/pki/tls/certs/ca-bundle.crt
|
||||
$ alias notary="notary -s https://<dtr-url> -d ~/.docker/trust --tlscacert /usr/local/share/ca-certificates/<dtr-url>.crt"
|
||||
```
|
||||
|
||||
### Databases
|
||||
|
|
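Review bot: The new paragraph under "### Certificate directory" says the alias "maps the user's `trust` directory to the the system's `ca-certificates` directory", but the alias line only passes `-s https://<dtr-url>`, `-d ~/.docker/trust` and one file via `--tlscacert`; no directory is mapped to another. Suggest rewording to say that the alias pins the server URL, the trust directory and the CA certificate for every `notary` call, and dropping the doubled "the the". The alias also assumes `/usr/local/share/ca-certificates/<dtr-url>.crt` already exists, while the steps that explained how to install a trusted certificate (the "Certificates on CentOS" text) go away in this same hunk, so a sentence on how that file gets there, and what CentOS users should do now, is needed. It would also help to note that an `alias` typed at the `$` prompt lasts only for the current shell session unless it is added to the user's shell profile.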