How to Make Docker Trust Harbor’s SSL Certificate for Secure Login

Added , By with No Comments

download the ca.crt from a remote Harbor server at 172.171.20.40 using OpenSSL, you can extract it directly from the TLS handshake. Here’s the command:

openssl s_client -connect <harbor server>:443 -showcerts </dev/nul

  • Initiates a TLS connection to port 443 on <harbor server>
  • Displays the full certificate chain, including the server certificate and any intermediate or root CA certs
  • You’ll see blocks like:Code-----BEGIN CERTIFICATE----- MIID... -----END CERTIFICATE-----

To Save the CA Certificate

  1. Copy the relevant -----BEGIN CERTIFICATE----- block (usually the last one in the chain).
  2. Paste it into a file:bashnano ca.crt
  3. Save and exit.

Use the CA with Docker

Place it in Docker’s trusted certs directory:

mkdir -p /etc/docker/certs.d/<harbor ip>
cp ca.crt /etc/docker/certs.d/<harbor ip>/ca.crt
systemctl restart docker

Now Docker will trust Harbor’s certificate when you run:

docker login <harbor IP>