containers-certs.d(5) storing containers-certs.d(5)
NAME
containers-certs.d - Directory for storing custom container-registry TLS
configurations
DESCRIPTION
A custom TLS configuration for a container registry can be configured by
creating a directory under $HOME/.config/containers/certs.d or /etc/con-
tainers/certs.d. The name of the directory must correspond to the
host:port of the registry (e.g., my-registry.com:5000).
Directory Structure
A certs directory can contain one or more files with the following ex-
tensions:
• *.crt files with this extensions will be interpreted as CA
certificates
• *.cert files with this extensions will be interpreted as client
certificates
• *.key files with this extensions will be interpreted as client
keys
Note that the client certificate-key pair will be selected by the file
name (e.g., client.{cert,key}). An exemplary setup for a registry run-
ning at my-registry.com:5000 may look as follows:
/etc/containers/certs.d/ <- Certificate directory
└── my-registry.com:5000 <- Hostname:port
├── client.cert <- Client certificate
├── client.key <- Client key
└── ca.crt <- Certificate authority that signed the registry certificate
HISTORY
Feb 2019, Originally compiled by Valentin Rothberg rothberg@redhat.com
⟨mailto:rothberg@redhat.com⟩
for Directory containers-certs.d(5)
Generated by dwww version 1.16 on Tue Dec 16 05:56:21 CET 2025.