With Windows Server 2016 available it’s time to find out all the little details when using Docker to administrate containers. A common scenario is accessing a private/internal hosted Docker Registry protected with a self-signed certificate (Details).
Here is how you enable the Docker daemon and CLI on Windows Server 2016 to use your certificate when talking to the registry.
- Have your certificate (.crt) file available on the server
- Copy it to
C:\ProgramData\docker\certs.d\[hostname][port]\ca.crt
Example with internal registry on DNS and port myinternalregistry:5000:
C:\ProgramData\docker\certs.d\myinternalregistry5000\ca.crt
Then restart the Docker daemon in a PowerShell session:
Restart-Service docker
You can now docker run/pull/push to your private registry.
Note that the certs.d folder may not exist - in this case just create it. If you ever used Docker on Linux you would have a certs.d as well, with the registry folder in the format [hostname]:[port]. On Windows you cannot have : in folder names. If you dive into the source code you can see Docker simply strips the colon from the path on Windows