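# Build a small private CA and issue one server and one client certificate
# for mutual-TLS access to a Docker daemon.
#
# Replace the <public hostname>, <public host IP> and <private host IP>
# placeholders before running. The commands are meant to be run in order,
# from the directory in which docker-ca/ should be created.
#
# The certificates only protect the API if the daemon is started with
# --tlsverify (plus --tlscacert/--tlscert/--tlskey); with --tlsverify every
# certificate signed by this CA is accepted as a client, so ca-key.pem is the
# root of trust for the daemon and should stay off the Docker host if possible.

# Working directory, private to the current user before any key is written.
mkdir docker-ca
chmod 0700 docker-ca/
cd docker-ca/

# CA key (passphrase-protected with AES-256; openssl prompts for it)
openssl genrsa -aes256 -out ca-key.pem 2048
# CA certificate (self-signed, valid for one year)
openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem

# Server key (unencrypted: the daemon has to read it without a prompt)
openssl genrsa -out server-key.pem 2048
# Server CSR
openssl req -subj "/CN=<public hostname>" -new -key server-key.pem -out server.csr
# Server extensions.
# - The SAN entries are comma-separated; the original list was missing the
#   comma before IP:127.0.0.1, which made the last two entries one invalid value.
# - DNS:<public hostname> is included because Go-based clients (the docker CLI)
#   match the host name against the SAN list and ignore the CN.
# - extendedKeyUsage = serverAuth keeps the server certificate from being
#   usable as a client certificate against the same daemon.
printf '%s\n' \
  'subjectAltName = DNS:<public hostname>,IP:<public host IP>,IP:<private host IP>,IP:127.0.0.1' \
  'extendedKeyUsage = serverAuth' > extfile.cnf
# Server certificate (signed by the CA; -CAcreateserial writes ca.srl)
openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem -extfile extfile.cnf

# Client key
openssl genrsa -out client-key.pem 2048
# Client CSR
openssl req -subj '/CN=client' -new -key client-key.pem -out client.csr
# Client extensions: overwrite extfile.cnf so the client certificate is
# limited to clientAuth and does not inherit the server's SAN list.
echo 'extendedKeyUsage = clientAuth' > extfile.cnf
# Client certificate
openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out client-cert.pem -extfile extfile.cnf

# Securing: private keys readable by the owner only, certificates read-only.
chmod -v 0400 -- *-key.pem
chmod -v 0444 -- ca.pem *-cert.pem

# Moving: install the CA certificate and the server pair for the daemon.
# Only ca.pem, server-cert.pem and server-key.pem are copied; ca-key.pem and
# the client key stay out of /etc/docker.
sudo mkdir -p /etc/docker
# NOTE(review): assumes a "docker" user and group exist on this host; dockerd
# normally runs as root, so confirm this ownership is what you want.
sudo chown docker:docker /etc/docker
sudo chmod 700 /etc/docker
# Still inside docker-ca/, so copy by name instead of relying on ~/docker-ca
# (the directory was created relative to the starting directory, not $HOME).
sudo cp -- ca.pem server-cert.pem server-key.pem /etc/docker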