podman: Unable to login to docker registry using podman on macOS using certificate in keychain

Is this a FEATURE REQUEST? (leave only one on its own line)

/kind feature

Unable to login to docker registry using podman on macOS using keychain. When I try it I get this after entering username/password:

x509: certificate signed by unknown authority

Note that this works perfectly with docker so not sure if it's a feature podman supports or not or I am doing something wrong.

I have created a stackoverflow for it too in case: https://stackoverflow.com/questions/69111227/unable-to-login-to-docker-registry-using-podman-on-macos-x509-certificate-sig

Additional information you deem important (e.g. issue happens only occasionally):

Output of podman version:

version: 3.2.3

Output of podman info --debug:

TBA

Package info (e.g. output of rpm -q podman or apt list podman):

brew install podman

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/master/troubleshooting.md)

Yes

Additional environment details (AWS, VirtualBox, physical, etc.):

Used podman machine init and the default VM it uses

About this issue

  • State: closed
  • Created 3 years ago
  • Reactions: 3
  • Comments: 16 (6 by maintainers)

Most upvoted comments

I am struggling with this issue as well. Although, it does work if you add --tls-verify=false to all of your podman commands. So, “struggling” is perhaps a bit strong… 😉

However, since I have trusted the certs for my local registry, it would be nice if there were a way to inject them into the VM that podman machine creates.

In Docker Desktop, the certs are copied from the host into the VM that the true Docker daemon runs in. For Podman on Mac, we’d want the same thing (contents of ~/.config/containers/certs.d and ~/.config/docker/certs.d should be copied to the VM’s /etc/containers/certs.d/ directory).

Just bringing some Docker Desktop knowledge about certs here:

First, when starting the VM, Docker Desktop takes all installed certs (in the keychain for macOS) on the host and pushes them into the VM (/etc/ssl/…).

Second, the user can have custom certs installed in a location like this:

~/.docker/certs.d/my.secure.registry/client.cert
~/.docker/certs.d/my.secure.registry/client.key

Docker Desktop will also put these files in the right place in the VM.
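
An added example, not part of the thread and not Podman's own code: one way to do by hand what the comments above ask for, copying registry CA certs from a host certs.d tree into the VM's /etc/containers/certs.d/ so that --tls-verify=false is not needed. The function names are hypothetical, and it assumes PEM `*.crt` files, a running machine with the default name podman-machine-default, and sudo inside the VM.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper names): copy registry CA certs from a host
# certs.d tree into the podman machine VM so TLS verification can stay on.

# Stage only PEM CA files (*.crt) from <src>/<registry>/ into <dst>/<registry>/.
# Client keys are deliberately left out: push_ca_certs sends the payload on a
# command line, which is acceptable for public CA certs but not for secrets.
# Prints the number of files staged.
stage_ca_certs() (
  src=$1; dst=$2; count=0
  for dir in "$src"/*/; do
    [ -d "$dir" ] || continue
    reg=$(basename "$dir")
    for f in "$dir"*.crt; do
      [ -f "$f" ] || continue
      # Anything that is not a PEM certificate never reaches the trust directory.
      if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$f"; then
        echo "skipping non-PEM file: $f" >&2
        continue
      fi
      mkdir -p "$dst/$reg"
      cp "$f" "$dst/$reg/"
      count=$((count + 1))
    done
  done
  echo "$count"
)

# Unpack the staged tree under /etc/containers/certs.d inside the VM.
# Assumption: the machine is running and uses the default name.
push_ca_certs() (
  staged=$1; vm=${2:-podman-machine-default}
  # COPYFILE_DISABLE keeps macOS tar from adding AppleDouble "._" entries.
  payload=$(COPYFILE_DISABLE=1 tar -C "$staged" -cf - . | base64 | tr -d '\n')
  podman machine ssh "$vm" "sudo mkdir -p /etc/containers/certs.d && \
echo $payload | base64 -d | sudo tar -C /etc/containers/certs.d -xf - --no-same-owner"
)

# Typical use on the Mac (paths as mentioned in the thread):
#   tmp=$(mktemp -d)
#   stage_ca_certs "$HOME/.docker/certs.d" "$tmp" && push_ca_certs "$tmp"
#   podman login my.secure.registry      # no --tls-verify=false needed
```

Certificates pushed this way live only in that VM, so the copy has to be repeated after the machine is removed and re-created.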