Comments on How to Setup Private Docker Registry on Ubuntu 18.04 LTS

what exactly are you trying to do here ? , you input a certificate and output the same certificate with a different extension of the file.

what you are doing there could be done with `mv rootCA{.pem,.crt}` , or copy

Its just convert the PEM certificate file to the CRT file.

You can see the difference below.

https://crypto.stackexchange.com/questions/43697/what-is-the-difference-between-pem-csr-key-and-crt

i don't think that's right :)

i think what you wanted to say , is that a file with a .pem extension can contain any data like a ssh private/public key , a PKCS#8 private key (the private counterpart of an ssl cert) or public key (digital/ssl certificate)

also these days we only use X509v3 , so there's nothing to convert to/from , only need to convert from DER to PEM (base64) from time to time, and the reverse

so in the command mentioned above , he clearly doesn't use the -outform parameter which means that it's clearly a base64 encoded public key (ssl certificate) and the outform is also PEM by default, so he only changes it's extension from .pem to .crt , it doesn't make any changes to it's contents or structure

that being said , it's a good howto , thank you! :)

Thanks for your comment, I really appreciate it.

Btw, this root certificate is generated with 'mkcert' tool for local domain '*.hakase-labs.io'.

Simply put, I just want to add the RootCA.pem certificate to the '/usr/share/ca-certificates' directory, which is provided by the package 'ca-certificates'. I need to do that so I can check the private registry 'URL' from terminal and web browser/using httpie without any warnings. 

So, when I check to the directory '/usr/share/ca-certificates', I found all CA certificates inside has a '.crt' format. And it just come to my mind to convert my 'pem' root certificate to the '.crt' format.

that's correct update-ca-certificates script looks for files with a .crt extension , you can modify it though with a diffrent name so it doesn't get overwritten by updates and use that :)

but if you have a base64 encoded (PEM) certificate, you don't need to run it through `openssl x509` , you can just copy it `cp rootCA.pem /path/where/to/copy/rootCA.crt` considering that you don't have a file with that name already and don't overwrite something that you need

also i would recommend copy your custom/personal CA certs in /usr/local/share/ca-certificates/  instead of /usr/share/ca-certificates/

Hello, Muhamad,

your manual worked wonderfully compared to the many others.

Thank you

Hi,

Would you have an idea why when I do

docker login $URL I received a Error 403

Error response from daemon: login attempt to https://$HOST/v2/ failed with status: 403 Forbidden

While if I do :

http -a $USER https://$HOST/v2/_cataloghttp: password for $USER@$HOST: HTTP/1.1 200 OKConnection: keep-aliveContent-Length: 20Content-Type: application/json; charset=utf-8Date: Fri, 15 Mar 2019 10:35:03 GMTDocker-Distribution-Api-Version: registry/2.0Server: nginx/1.15.9X-Content-Type-Options: nosniff

{"repositories": []}

It works !

I got this error

Error response from daemon: Get https://<IP>/v2/: x509: cannot validate certificate for <IP> because it doesn't contain any IP SANs

Could you please tell the solution?

Thank you