From d636c8781d8477f5d20992579420b67f81d03f68 Mon Sep 17 00:00:00 2001 From: Tim H Date: Thu, 23 Feb 2017 13:42:51 +0100 Subject: [PATCH] Add troubleshooting tip for default https port Rename the CA certificate file to ca.crt: It is not the cert of the server, but of the CA. --- engine/security/certificates.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/engine/security/certificates.md b/engine/security/certificates.md index caf697b4bd..c04f8405e0 100644 --- a/engine/security/certificates.md +++ b/engine/security/certificates.md @@ -43,7 +43,7 @@ The following illustrates a configuration with custom certificates: └── localhost:5000 <-- Hostname:port ├── client.cert <-- Client certificate ├── client.key <-- Client key - └── localhost.crt <-- Certificate authority that signed + └── ca.crt <-- Certificate authority that signed the registry certificate ``` @@ -76,6 +76,16 @@ following error message: Missing key KEY_NAME for client certificate CERT_NAME. Note that CA certificates should use the extension .crt. ``` +If the Docker registry is accessed without a port number, do not add the port to the directory name. The following shows the configuration for a registry on default port 443 which is accessed with `docker login my-https.registry.example.com`: + +``` + /etc/docker/certs.d/ + └── my-https.registry.example.com <-- Hostname without port + ├── client.cert + ├── client.key + └── ca.crt +``` + ## Related Information * [Use trusted images](index.md)
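Review bot: In the first hunk (the directory tree at line 43), renaming `localhost.crt` to `ca.crt` may lead readers to think the file must carry that exact name. The context line in the second hunk says only that "CA certificates should use the extension .crt". Consider adding a sentence next to the tree stating that the file name is a convention and the `.crt` extension is what marks a file as a CA certificate. The rename itself matches the existing comment "Certificate authority that signed the registry certificate".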
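Review bot: In the second hunk (the paragraph added after the "Missing key KEY_NAME" error block), the tip is filed as troubleshooting but does not name the symptom a user would see when the directory is wrongly named with the port, so it is hard to find from an error message. Please state the observed error or behaviour. It would also help to give the general rule, that the directory name must match the registry address exactly as typed in the `docker login` command, so this case and the `localhost:5000` example in the first hunk read as two instances of the same rule. The clause "on default port 443 which is accessed with" is ambiguous about what is accessed. Something like "a registry listening on the default port 443 and accessed with `docker login my-https.registry.example.com`" reads more clearly.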