From 643b817b7b59b05c4f8eecea1a458ef29f2c9b09 Mon Sep 17 00:00:00 2001 From: Jim Galasyn Date: Thu, 13 Jul 2017 12:35:16 -0700 Subject: [PATCH] Add alias for Notary cert directory (#3889) --- notary/running_a_service.md | 39 ++++++------------------------------- 1 file changed, 6 insertions(+), 33 deletions(-) diff --git a/notary/running_a_service.md b/notary/running_a_service.md index 6ccb48594a..3c1db70d8d 100644 --- a/notary/running_a_service.md +++ b/notary/running_a_service.md @@ -200,42 +200,15 @@ environment. The sample private key files in the Notary repository are obviously public knowledge and using them in a production deployment is highly insecure. -### Certificates on CentOS +### Certificate directory -For CentOS 6 and CentOS 7, use the following steps to add trusted root -certificates. - -1. Install the `ca-certificates` package: - - ```bash - $ yum install ca-certificates - ``` - -2. Use the `update-ca-trust` command with the `force-enable` option - to enable dynamic CA configuration: - - ```bash - $ update-ca-trust force-enable - ``` - -3. Copy the certificate to the `/etc/pki/ca-trust/source/anchors/` directory: - - ```bash - $ cp your-cert.crt /etc/pki/ca-trust/source/anchors/` - ``` - -4. Use the `update-ca-trust` command to produce updated versions of the - consolidated configuration files: - - ```bash - $ update-ca-trust extract - ``` - -For CentOS 5, just add your certificate to the bundle. Append your trusted -certificate to the bundle file at `/etc/pki/tls/certs/ca-bundle.crt`: +Notary is a user/client-based system, and it searches for certificates in the +user's home directory, at `~/.docker/trust`. To streamline using Notary from +the command line, create an alias that maps the user's `trust` directory to +the the system's `ca-certificates` directory. ```bash -$ cat your-cert.crt >> /etc/pki/tls/certs/ca-bundle.crt +$ alias notary="notary -s https:// -d ~/.docker/trust --tlscacert /usr/local/share/ca-certificates/.crt" ``` ### Databases
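Review bot: The added alias line hard-codes `--tlscacert /usr/local/share/ca-certificates/.crt`, a Debian/Ubuntu-style location, while the section it replaces documented CentOS, where the removed steps put certificates in `/etc/pki/ca-trust/source/anchors/`. CentOS readers lose their instructions and are given a path that may not exist on their system. Suggest either stating which distribution the alias assumes or keeping a short per-distribution note. In the same line, `-s https://` has no host and the certificate path has no file name before `.crt`. If placeholders were intended, spell them out so the command cannot be copied with an empty server URL and a CA file that does not resolve. The new paragraph says the alias "maps" the user's `trust` directory to the system's `ca-certificates` directory, but the command passes two independent options, `-d` for the trust directory and `--tlscacert` for the CA file, so the wording should describe it that way. There is also a duplicated word in "the the system's".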