diff --git a/registry/config_unix.go b/registry/config_unix.go
index 32f167d08b..df970181de 100644
--- a/registry/config_unix.go
+++ b/registry/config_unix.go
@@ -8,7 +8,9 @@ const (
 
 	// DefaultV2Registry is the URI of the default v2 registry
 	DefaultV2Registry = "https://registry-1.docker.io"
+)
 
+var (
 	// CertsDir is the directory where certificates are stored
 	CertsDir = "/etc/docker/certs.d"
 )
diff --git a/registry/registry.go b/registry/registry.go
index 9c8666eaca..6a0587a237 100644
--- a/registry/registry.go
+++ b/registry/registry.go
@@ -62,7 +62,7 @@ func newTLSConfig(hostname string, isSecure bool) (*tls.Config, error) {
 
 	tlsConfig.InsecureSkipVerify = !isSecure
 
-	if isSecure {
+	if isSecure && CertsDir != "" {
 		hostDir := filepath.Join(CertsDir, cleanPath(hostname))
 		logrus.Debugf("hostDir: %s", hostDir)
 		if err := ReadCertsDirectory(&tlsConfig, hostDir); err != nil {