Build process cannot pull image from the external registry which has a custom certificate

Solution Verified - Updated -


  • I cannot deploy an image because building image fails while trying to pull the image from the external registry, which has a custom certificate:

    Cloning "" ...
    pulling image error : unknown: unable to pull manifest from Get  x509: certificate signed by unknown authority
    error: build error: unable to get docker-registry.default.svc:5000/openshift/httpd@sha256:
  • I can pull the image with docker or inspect with skopeo from the nodes, but it fails during deployment.

  • External registry CA certificate is not trusted, but I have already copied it to the master.

NOTE: For OCP4 related issues please check on this documentation.


  • Openshift Container Platform (OCP) 3.11
  • External docker registry with a custom/self-signed CA certificate

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In