Prisma Cloud Compute: Registry scanning error x509: certificate signed by unknown authority, find and fix cert

Created On 04/19/23 17:16 PM - Last Modified 02/05/25 17:33 PM


Symptom


  • Registry scan fails with the error below:
    Scanner <Defender>
    Failed to pull image <Image:tag>, error Error initializing source docker://<Registry-Image-tag>: error pinging docker registry <registry>: Get "<registry>": x509: certificate signed by unknown authority
  • Docker pull for the same image is successful from the host/node.


Environment


  • Prisma Cloud Compute (SaaS) 
  • Prisma Cloud Compute Edition (Self Hosted) 19.11 or later


Cause


  • The correct CA certificate is not present in any of the following directories, but is present somewhere else on the host/node:
    • /etc/docker/certs.d/<registry>
    • /etc/containers/certs.d/<registry>
    • /etc/containerd/certs.d/<registry>


Resolution


  1. To locate where the correct CA certificate exists on the host/node, run the following command from the host: curl -vvv <registry_URL>
  2. You should receive a 200 OK response, and the verbose output shows the CA file location, like below:

     ...
     successfully set certificate verify locations:
     CAfile: /path/to/ca.crt
     ...

  3. Copy that CA certificate file to /etc/docker/certs.d/<registry>/ca.crt on each host/node that will scan the registry. You may use any of the 3 directories listed in the Cause section, since the Defender checks each path in turn for the CA certificate belonging to the registry.
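The lookup and copy steps above, as an added shell example that is not part of the article: one helper reads the CAfile path out of a saved curl -vvv trace, one checks the three certs.d paths in the order listed in the Cause section, one confirms the candidate CA really validates the registry's chain, and one installs it. CERTS_ROOT is an assumed prefix (empty on a real host) so the lookup can be exercised against a scratch directory.

```shell
#!/bin/sh
# Added example, not from the Palo Alto article. Assumes CERTS_ROOT is an
# optional prefix in front of the real certs.d paths (empty on a live host).
CERTS_ROOT="${CERTS_ROOT:-}"

# Print the "CAfile:" path from a curl -vvv trace saved to file $1
# (the line looks like "*  CAfile: /path/to/ca.crt"; the "*" is optional).
cafile_from_curl_trace() {
  sed -n 's/^\**[[:space:]]*CAfile:[[:space:]]*//p' "$1" | head -n 1
}

# Print the first ca.crt for registry $1 (host[:port]) in the directories the
# Defender checks, in the same order as the article; return 1 if none has it.
find_registry_ca() {
  registry="$1"
  for dir in /etc/docker/certs.d /etc/containers/certs.d /etc/containerd/certs.d; do
    candidate="${CERTS_ROOT}${dir}/${registry}/ca.crt"
    if [ -f "$candidate" ]; then
      printf '%s\n' "$candidate"
      return 0
    fi
  done
  return 1
}

# Confirm CA file $2 really validates the TLS chain of registry $1 before it
# is trusted: curl exits 60 on an x509 failure, while a 401 from /v2/ still
# exits 0 because only the certificate check matters here (needs network).
verify_registry_ca() {
  curl -sS --cacert "$2" -o /dev/null "https://$1/v2/"
}

# Install CA file $2 for registry $1 under /etc/docker/certs.d, one of the
# three paths the article lists; needs root on a real host.
install_registry_ca() {
  registry="$1"; cafile="$2"
  dest="${CERTS_ROOT}/etc/docker/certs.d/${registry}"
  mkdir -p "$dest" && cp "$cafile" "${dest}/ca.crt" && chmod 0644 "${dest}/ca.crt"
}
```

Run verify_registry_ca against the registry before install_registry_ca so that a wrong bundle is caught on the host rather than surfacing as another scan failure.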



Additional Information


  • You should not have to mount the certs.d directories into the Defender daemonset.yaml; the Defender should be able to access these paths by default.

