diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index c5b57c2b1..5a10c5ba0 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -13,6 +13,11 @@ on:
 jobs:
 build:
 runs-on: ubuntu-20.04
+ services:
+ registry:
+ image: registry:2
+ ports:
+ - 5000:5000
 strategy:
 matrix:
 go-version: ${{fromJson(inputs.go-version)}}
@@ -36,6 +41,8 @@ jobs:
 (cd /tmp && git clone https://github.com/anuvu/squashfs && cd squashfs && make && sudo cp squashtool/squashtool /usr/bin)
 - run: |
 make check PRIVILEGE_LEVEL=${{ matrix.privilege-level }}
+ env:
+ REGISTRY_URL: localhost:5000
 - uses: actions/cache@v2
 id: restore-build
 with:
diff --git a/cmd/publish.go b/cmd/publish.go
index dbcd22bca..76617f111 100644
--- a/cmd/publish.go
+++ b/cmd/publish.go
@@ -40,6 +40,10 @@ var publishCmd = cli.Command{
 Name: "password",
 Usage: "password for the registry where the OCI images are published",
 },
+ cli.BoolFlag{
+ Name: "skip-tls",
+ Usage: "skip tls verify on upstream registry",
+ },
 cli.StringSliceFlag{
 Name: "tag",
 Usage: "tag to be used when publishing",
@@ -109,6 +113,7 @@ func doPublish(ctx *cli.Context) error {
 Password: ctx.String("password"),
 Force: ctx.Bool("force"),
 Progress: shouldShowProgress(ctx),
+ SkipTLS: ctx.Bool("skip-tls"),
 LayerTypes: layerTypes,
 }
diff --git a/lib/image.go b/lib/image.go
index 5e133bc70..c2a686598 100644
--- a/lib/image.go
+++ b/lib/image.go
@@ -94,6 +94,7 @@ func ImageCopy(opts ImageCopyOpts) error {
 if opts.SrcSkipTLS {
 args.SourceCtx.DockerInsecureSkipTLSVerify = types.OptionalBoolTrue
+ args.SourceCtx.DockerDaemonInsecureSkipTLSVerify = true
 }
 if opts.SrcUsername != "" {
@@ -107,6 +108,7 @@ func ImageCopy(opts ImageCopyOpts) error {
 if opts.DestSkipTLS {
 args.DestinationCtx.DockerInsecureSkipTLSVerify = types.OptionalBoolTrue
+ args.DestinationCtx.DockerDaemonInsecureSkipTLSVerify = true
 }
 if opts.DestUsername != "" {
diff --git a/publisher.go b/publisher.go
index 8b162783e..5d0c1c708 100644
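Review bot: In .github/workflows/build.yaml the new service uses `image: registry:2`, a floating tag, so the job runs whatever that tag resolves to at pull time. Pinning by digest, `image: registry:2@sha256:<digest-placeholder>`, keeps the test environment reproducible and removes one unreviewed input from the build job. The service is an unauthenticated registry published on port 5000 of the runner; that looks acceptable on an ephemeral hosted runner but is worth a comment in the workflow if self-hosted runners are ever used.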
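Review bot: In cmd/publish.go the usage text `skip tls verify on upstream registry` under-describes the new flag. doPublish feeds it into PublishArgs.SkipTLS, which Publish passes on as DestSkipTLS, so it turns off certificate verification for the registry being pushed to, the same one that receives `--password`. I would word it as `Usage: "disable TLS certificate verification for the destination registry (insecure; local or test registries only)",`. The second hunk in this file only wires the flag through and needs no change of its own.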
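Review bot: In lib/image.go, `DockerDaemonInsecureSkipTLSVerify` is, as far as I know, the containers/image setting for connections to a Docker daemon (docker-daemon: references), not for registry access. Setting it under `opts.SrcSkipTLS`, and again under `opts.DestSkipTLS` in the next hunk, therefore widens what the skip-TLS option disables beyond what the registry test in this commit exercises. If daemon endpoints are not an intended target I would drop both added lines; if they are, a comment such as `// also disables verification for docker-daemon: references` would make the wider scope explicit. ImageCopy's body continues outside both hunks.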
--- a/publisher.go
+++ b/publisher.go
@@ -26,6 +26,7 @@ type PublishArgs struct {
 Password string
 Force bool
 Progress bool
+ SkipTLS bool
 LayerTypes []types.LayerType
 }
@@ -142,6 +143,7 @@ func (p *Publisher) Publish(file string) error {
 DestPassword: opts.Password,
 Progress: progressWriter,
 SrcSkipTLS: true,
+ DestSkipTLS: opts.SkipTLS,
 })
 if err != nil {
 return err
diff --git a/test/publish.bats b/test/publish.bats
index e444bc65c..f9d83bc50 100644
--- a/test/publish.bats
+++ b/test/publish.bats
@@ -150,3 +150,82 @@ function teardown() { mount -t squashfs oci/blobs/sha256/$layer1 layer1 [ -f layer1/root/ls_out ] } + +@test "publish tag to unsecure registry" { + if [ -z "${REGISTRY_URL}" ]; then + skip "skipping test because no registry found in REGISTRY_URL env variable" + fi + + stacker build -f ocibuilds/sub4/stacker.yaml + stacker publish --skip-tls -f ocibuilds/sub4/stacker.yaml --url docker://${REGISTRY_URL} --tag test1 + + # check content of published image + # should have /root/ls_out from sub4/stacker.yaml + mkdir -p ocibuilds/sub7 + cat > ocibuilds/sub7/stacker.yaml < ocibuilds/sub8/stacker.yaml < ocibuilds/sub9/stacker.yaml < ocibuilds/sub10/stacker.yaml <
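Review bot: In the Publish hunk of publisher.go, `DestSkipTLS: opts.SkipTLS` sits next to `DestPassword: opts.Password`, so with the flag set the credentials go to a registry whose certificate is not verified and can be collected by whoever answers the connection. I would reject or at least warn on that combination before ImageCopy is called, for example `if opts.SkipTLS && opts.Password != "" { /* warn or return an error */ }`. The new `SkipTLS bool` field in PublishArgs (first hunk) would also benefit from a comment saying it applies to the destination only, since the context line `SrcSkipTLS: true` shows the source side is always unverified. Publish starts and ends outside this hunk.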