x509: certificate signed by unknown authority error from private registry after CA trust has been updated

Solution Verified - Updated -


  • After updating a system with the CA for a private registry, the following error is reported when attempting a docker login:
    Error response from daemon: Get https://registry.example.com/v1/users/: x509: certificate signed by unknown authority
  • When loading the images at web console:
Could not load image metadata.
Internal error occurred: Get https://<registry.example.com>:<port>/v2/: x509: certificate signed by unknown authority"


  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux Atomic Host
  • Red Hat OpenShift Container Platform 3.X
  • Standalone private container registry

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In