.nh
.TH containers\-certs.d(5)

.SH NAME
.PP
containers\-certs.d \- Directory for storing custom container\-registry TLS configurations


.SH DESCRIPTION
.PP
A custom TLS configuration for a container registry can be configured by creating a directory under \fB\fC$HOME/.config/containers/certs.d\fR or \fB\fC/etc/containers/certs.d\fR\&.
The name of the directory must correspond to the \fB\fChost:port\fR of the registry (e.g., \fB\fCmy\-registry.com:5000\fR).

.SH Directory Structure
.PP
A certs directory can contain one or more files with the following extensions:

.RS
.IP \(bu 2
\fB\fC*.crt\fR  files with this extensions will be interpreted as CA certificates
.IP \(bu 2
\fB\fC*.cert\fR files with this extensions will be interpreted as client certificates
.IP \(bu 2
\fB\fC*.key\fR  files with this extensions will be interpreted as client keys

.RE

.PP
Note that the client certificate\-key pair will be selected by the file name (e.g., \fB\fCclient.{cert,key}\fR).
An examplary setup for a registry running at \fB\fCmy\-registry.com:5000\fR may look as follows:

.PP
.RS

.nf
/etc/containers/certs.d/    <\- Certificate directory
└── my\-registry.com:5000    <\- Hostname:port
   ├── client.cert          <\- Client certificate
   ├── client.key           <\- Client key
   └── ca.crt               <\- Certificate authority that signed the registry certificate

.fi
.RE


.SH HISTORY
.PP
Feb 2019, Originally compiled by Valentin Rothberg rothberg@redhat.com
\[la]mailto:rothberg@redhat.com\[ra]