OPMS Install registry.watchmouse.com - Invalid Certificate Error

Document ID : KB000124056
Last Modified Date : 08/01/2019
Show Technical Document Details
Introduction:
Our ASM environment communicates to the internet via proxy server and connections to registry.watchmouse.com are failing due to a certificate validation failure. For example:

docker pull registry.watchmouse.com/asm/smartpop-jmeter:production 
Trying to pull repository registry.watchmouse.com/asm/smartpop-jmeter ... 
Get https://registry.watchmouse.com/v1/_ping: x509: certificate signed by unknown authority 
Environment:
OPMS 10.x installations. 
Instructions:
The first and preferred way to address this problem is to copy needed proxy certificates in PEM format to /etc/docker/certs.d/registry.watchmouse.com/

Docker should then trust presented certificate and proceed with the OPMS install. You can check the issuer of your proxy certificate with the command...
echo QUIT | openssl s_client -connect registry.watchmouse.com:443 2>/dev/null | egrep '^(subject|issuer)=' 

Alternatively, you can also bypass the certificate check, though this is not usually recommended...

Edit the /etc/sysconfig/docker, uncomment and update the line... 
INSECURE_REGISTRY='--insecure-registry registry.watchmouse.com' 

Save and exit and then run
systemctl restart docker 

Thereafter, docker pull commands issued by the OPMS should succeed. Should you have run the installer on the server already, please also remove the packages that pull docker images before attempting install again...
yum remove asm-smartpop-checkpoint.noarch 
yum remove asm-smartpop-rbtm.x86_64 

...then re-run the OPMS installer