Add alias for Notary cert directory (#3889)

Jim Galasyn 2017-07-13 12:35:16 -07:00 committed by John Mulhausen
parent a0cb9b2947
commit 643b817b7b
1 changed files with 6 additions and 33 deletions

@ -200,42 +200,15 @@ environment.
The sample private key files in the Notary repository are obviously public knowledge
and using them in a production deployment is highly insecure.
### Certificates on CentOS
### Certificate directory
For CentOS 6 and CentOS 7, use the following steps to add trusted root
certificates.
1. Install the `ca-certificates` package:
```bash
$ yum install ca-certificates
```
2. Use the `update-ca-trust` command with the `force-enable` option
to enable dynamic CA configuration:
```bash
$ update-ca-trust force-enable
```
3. Copy the certificate to the `/etc/pki/ca-trust/source/anchors/` directory:
```bash
$ cp your-cert.crt /etc/pki/ca-trust/source/anchors/`
```
4. Use the `update-ca-trust` command to produce updated versions of the
consolidated configuration files:
```bash
$ update-ca-trust extract
```
For CentOS 5, just add your certificate to the bundle. Append your trusted
certificate to the bundle file at `/etc/pki/tls/certs/ca-bundle.crt`:
Notary is a user/client-based system, and it searches for certificates in the
user's home directory, at `~/.docker/trust`. To streamline using Notary from
the command line, create an alias that maps the user's `trust` directory to
the the system's `ca-certificates` directory.
```bash
$ cat your-cert.crt >> /etc/pki/tls/certs/ca-bundle.crt
$ alias notary="notary -s https://<dtr-url> -d ~/.docker/trust --tlscacert /usr/local/share/ca-certificates/<dtr-url>.crt"
```
### Databases
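Review bot: The new alias under "Certificate directory" hard-codes `--tlscacert /usr/local/share/ca-certificates/<dtr-url>.crt`, while the CentOS steps this change removes placed certificates under `/etc/pki/ca-trust/source/anchors/` or `/etc/pki/tls/certs/ca-bundle.crt`, so readers on CentOS are left with no instruction that matches their system. Either state which distributions the path applies to or keep a short pointer for CentOS. The paragraph also says the alias "maps the user's `trust` directory to the system's `ca-certificates` directory", but the command sets three independent options (`-s`, `-d`, `--tlscacert`) and maps nothing; describing what each flag does would be more accurate. The same `<dtr-url>` placeholder is used as both the server host and the certificate file name, which only works if the certificate was saved under exactly that name, so say that explicitly. Finally, "the the system's" contains a duplicated word.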