Unable to pull image from external registry in OCP 3.11

Issue

• OpenShift is Using 3rd private image registry (like docker-distribution) instead of "registry.redhat.io".
• The configuration of Cert/Docker is done by following this KCS
• All nodes can use pull/push/login operations with docker-distribution.
• Can create APP via "oc new-app --docker-image=xxxx".
• Can import image from docker-distribution via "oc import-image" with no certificate error.
• Cannot create APP via default template, always faced to cert error:x509: certificate signed by unknown authority.
• By checking the event of deployment, it will always pull the image from docker-registry.default.svc:5000.

[deploy from template]
9s          9s           1         postgresql-1-tnfms.15673814c80338e9            Pod                     spec.containers{postgresql}        Normal    Pulling             kubelet, node3.cluster.local           pulling image "docker-registry.default.svc:5000/openshift/postgresql@sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
9s          9s           1         postgresql-1-tnfms.15673814d65b93dd            Pod                     spec.containers{postgresql}        Warning   Failed              kubelet, node3.cluster.local           Failed to pull image "docker-registry.default.svc:5000/openshift/postgresql@sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx": rpc error: code = Unknown desc = unknown: unable to pull manifest from <hide the url of private registry>/rhscl/postgresql-94-rhel7:latest: Get https://<hide the url of private registry>/v2/: x509: certificate signed by unknown authority