diff --git a/pkg/executor/push.go b/pkg/executor/push.go
index a02d5b9b9..eea855710 100644
--- a/pkg/executor/push.go
+++ b/pkg/executor/push.go
@@ -64,7 +64,10 @@ func CheckPushPermissions(opts *config.KanikoOptions) error {
 		if checked[destRef.Context().RepositoryStr()] {
 			continue
 		}
-		if err := remote.CheckPushPermission(destRef, creds.GetKeychain(), http.DefaultTransport); err != nil {
+
+		registryName := destRef.Repository.Registry.Name()
+		tr := makeTransport(opts, registryName)
+		if err := remote.CheckPushPermission(destRef, creds.GetKeychain(), tr); err != nil {
 			return errors.Wrapf(err, "checking push permission for %q", destRef)
 		}
 		checked[destRef.Context().RepositoryStr()] = true
@@ -126,13 +129,7 @@ func DoPush(image v1.Image, opts *config.KanikoOptions) error {
 			return errors.Wrap(err, "resolving pushAuth")
 		}
 
-		// Create a transport to set our user-agent.
-		tr := http.DefaultTransport
-		if opts.SkipTLSVerify || opts.SkipTLSVerifyRegistries.Contains(registryName) {
-			tr.(*http.Transport).TLSClientConfig = &tls.Config{
-				InsecureSkipVerify: true,
-			}
-		}
+		tr := makeTransport(opts, registryName)
 		rt := &withUserAgent{t: tr}
 
 		if err := remote.Write(destRef, image, pushAuth, rt); err != nil {
@@ -143,6 +140,17 @@ func DoPush(image v1.Image, opts *config.KanikoOptions) error {
 	return nil
 }
 
+func makeTransport(opts *config.KanikoOptions, registryName string) http.RoundTripper {
+	// Create a transport to set our user-agent.
+	tr := http.DefaultTransport
+	if opts.SkipTLSVerify || opts.SkipTLSVerifyRegistries.Contains(registryName) {
+		tr.(*http.Transport).TLSClientConfig = &tls.Config{
+			InsecureSkipVerify: true,
+		}
+	}
+	return tr
+}
+
 // pushLayerToCache pushes layer (tagged with cacheKey) to opts.Cache
 // if opts.Cache doesn't exist, infer the cache from the given destination
 func pushLayerToCache(opts *config.KanikoOptions, cacheKey string, tarPath string, createdBy string) error {