Download the embedded Harbor Registry root CA certificate so you can use it to connect clients to the registry.
To log in to the embedded
Harbor Registry using a Docker client, you must install the root CA certificate on that client.
Procedure
- Download the embedded Harbor Registry certificate. There are two ways to do this.
- Using the embedded Harbor Registry Console interface.
- Log in to the embedded Harbor Registry Console using the URL. See Log In to the Embedded Harbor Registry Console.
- Click the project link at the page.
- Select the Repositories tab.
- Click Registry Certificate.
- Save the
ca.crt
certificate file to your local machine.
- Using the vSphere Client.
- Select the vCenter cluster where Workload Management and the embedded Harbor Registry are enabled.
- Select.
- In the Root certificate field, click the link Download SSL Root Certificate.
- Save the
root-certificate.txt
file to your local machine.
- Rename the file to be
ca.crt
.
- Copy the embedded Harbor Registry
ca.crt
file that you downloaded to the appropriate directory on a host where Docker is installed. The default certificate location differs depending on the type of OS that the Docker client is running.
Note: If you do not install the
ca.crt
in the default location, you can pass the
--tlscacert /path/to/ca.crt
flag when you log in using the
vSphere Docker Credential Helper.
- Once the import is complete, restart the Docker daemon.
- Linux
sudo systemctl restart docker.service
- Mac
Use the Docker Desktop menu option Restart Docker, or the command R
keyboard shortcut.