"oc adm verify-image-signature" fails due to x509: certificate signed by unknown authority

Solution Verified - Updated -

Issue

  • oc adm verify-image-signature always fails with x509: certificate signed by unknown authority error.
# oc adm verify-image-signature sha256:xxx --expected-identity=docker-registry.default.svc:5000/test-project/centos --public-key /root/.gnupg/pubring.gpg
error verifying signature sha256:xxx@xxx for image sha256:xxx (verification status will be removed): failed to get image "sha256:xxx" manifest: Get https://docker-registry.default.svc:5000/v2/: x509: certificate signed by unknown authority
... snip ...
  • How to specify cert for expected-identity like docker-registry.default.svc ?

Environment

  • OpenShift Container Platform
    • 3.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content