docker push with local notary server returns error: x509: certificate signed by unknown authority
With docker content trust, you can add the CA to the user's home directory in a subdirectory under ~/.docker/tls
:
mkdir -p ~/.docker/tls/${content_trust_hostname}
cp ca.pem ~/.docker/tls/${content_trust_hostname}/ca.crt
export DOCKER_CONTENT_TRUST=1
docker push ${content_trust_hostname}/${your_repo}:${tag}
Note that the certificate likely needs to end with "crt" and if you don't override the content trust server, the hostname will match the registry name.