Hi all,

So I have now configured the registry to do HTTPS. The certificate is 
self-signed. I now get the log message 

failed to start: Failed to perform 'curl': curl: (60) Peer's certificate issuer 
has been marked as not trusted by the user.

This is curl’s way of saying that a valid CA certificate is missing for the 
certificate offered by the HTTPS host. However, I have installed the CA 
certificate for my self-signed certificate in the OS’s (CentOS 8) CA trust 
store. To verify, when I try curl on the command line e.g.

curl https://mother:5000/v2/_catalog

I get the correct reply from the registry.

—> How can I install my CA certificate so that mesos' curl knows it when 
contacting the registry?

Thanks and best regards,
Ben


> On 27. Aug 2020, at 15:58, Benjamin Wulff <benjamin.wulff...@ieee.org> wrote:
> 
> Hi all,
> 
> I’m running a Docker registry in my cluster network that does plain HTTP, no 
> HTTPS. I tried to configure it using docker_registry and
> docker_config options, providing an http:// address. When I try to run a 
> Docker image in a task it fails and I see in the log a message that CURL SSL 
> got a malformed TLS answer. So apparently Mesos still tells curl to do 
> whatever it should do via HTTPS. 
> 
> I have seen posts that seem to indicate that it will switch to HTTP 
> automatically when you provide port ‘:80’ as part of the URI for the 
> registry. However, I cannot put the registry on 80 because there is already a 
> Webserver sitting that is used for distributing artefacts in the cluster. 
> 
> —> Is there a way to tell Mesos that it (respectively curl) should use HTTP instead 
> of HTTPS?
> 
> Thanks and best regards,
> Ben
> 
> PS: I also saw in the logs:
> 
> curl: option --http1.1: is unknown
> curl: try 'curl --help' or 'curl --manual' for more information
> 
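
Added example, not part of the original message and not Mesos code: an offline check showing that the same server certificate is accepted or rejected depending only on which CA bundle the verifying client reads, which is one possible reason the command-line curl and the curl used by Mesos disagree. The CA names and the throwaway keys are constructed test data; only the host name `mother` comes from the message, and that the two clients read different trust stores is an assumption.

```shell
#!/bin/sh
# Added example: every key and certificate below is constructed test data.

# verify_against BUNDLE CERT: print "trusted" or "untrusted"
verify_against() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo trusted
    else
        echo untrusted
    fi
}

# make_ca DIR NAME: create a throwaway self-signed CA (NAME.key, NAME.pem)
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# make_leaf DIR CA HOST: issue a server certificate for HOST signed by CA
make_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -days 1 \
        -CA "$1/$2.pem" -CAkey "$1/$2.key" -CAcreateserial \
        -out "$1/$3.pem" 2>/dev/null
}

# demo: verify one certificate against a bundle that contains its issuer
# and against a bundle that does not (stands in for a second trust store)
demo() {
    dir=$(mktemp -d) || return 1
    make_ca "$dir" registry-ca && make_ca "$dir" other-ca &&
        make_leaf "$dir" registry-ca mother || { rm -rf "$dir"; return 1; }
    echo "with-ca=$(verify_against "$dir/registry-ca.pem" "$dir/mother.pem")"
    echo "without-ca=$(verify_against "$dir/other-ca.pem" "$dir/mother.pem")"
    rm -rf "$dir"
}

demo
```

On a real agent host, the equivalent comparison is to run `verify_against` with the registry's certificate against each bundle a client might load.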
