From cfe0fadee2dafd870961d56a3752844d955acd72 Mon Sep 17 00:00:00 2001 From: Viktor Stanchev Date: Mon, 26 Oct 2015 16:54:47 -0700 Subject: [PATCH] more notary documentation Signed-off-by: Viktor Stanchev --- docs/reference/commandline/cli.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/reference/commandline/cli.md b/docs/reference/commandline/cli.md index 78d1963d35..573015d01b 100644 --- a/docs/reference/commandline/cli.md +++ b/docs/reference/commandline/cli.md @@ -48,6 +48,8 @@ by the `docker` command line: * `DOCKER_TLS_VERIFY` When set Docker uses TLS and verifies the remote. * `DOCKER_CONTENT_TRUST` When set Docker uses notary to sign and verify images. Equates to `--disable-content-trust=false` for build, create, pull, push, run. +* `DOCKER_CONTENT_TRUST_SERVER` The URL of the Notary server to use. This defaults + to the same URL as the registry. * `DOCKER_TMPDIR` Location for temporary Docker files. Because Docker is developed using 'Go', you can also use any environment @@ -109,6 +111,15 @@ Following is a sample `config.json` file: "psFormat": "table {{.ID}}\\t{{.Image}}\\t{{.Command}}\\t{{.Labels}}" } +### Notary + +If using your own notary server and a self-signed certificate or an internal +Certificate Authority, you need to place the certificate at +`tls//ca.crt` in your docker config directory. + +Alternatively you can trust the certificate globally by adding it to your system's +list of root Certificate Authorities. + ## Help To list the help on any command just execute the command, followed by the