From f18c6702414954347cee98e27f0750675bc3dcb2 Mon Sep 17 00:00:00 2001 From: Derek McGowan Date: Tue, 1 Nov 2016 16:43:50 -0700 Subject: [PATCH] Update note about custom certs with system certs Fixed incorrect statement about example layout Related to https://github.com/docker/docker/pull/27918 Signed-off-by: Derek McGowan (github: dmcgowan) --- engine/security/certificates.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/engine/security/certificates.md b/engine/security/certificates.md index 5684e331e30..698c06ebfe9 100644 --- a/engine/security/certificates.md +++ b/engine/security/certificates.md @@ -27,8 +27,10 @@ A custom certificate is configured by creating a directory under `localhost`). All `*.crt` files are added to this directory as CA roots. > **Note:** -> In the absence of any root certificate authorities, Docker -> will use the system default (i.e., host's root CA set). +> As of docker 1.13, on Linux any root certificates authorities will be merged +> in with the system defaults (i.e., host's root CA set). Prior to 1.13 and on +> Windows, the system default certificates will only be used when there are no +> custom root certificates provided. The presence of one or more `.key/cert` pairs indicates to Docker that there are custom certificates required for access to the desired @@ -39,7 +41,7 @@ repository. > order. If there is an authentication error (e.g., 403, 404, 5xx, etc.), Docker > will continue to try with the next certificate. -The following illustrates a configuration with multiple certs: +The following illustrates a configuration with custom certificates: ``` /etc/docker/certs.d/ <-- Certificate directory