Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Generate self-signed SSL certs for docker client <— HTTPS —> daemon
#! /bin/bash
# HEADS UP! Make sure to use '*' or a valid hostname for the FDQN prompt
echo 01 >
openssl genrsa -des3 -out ca-key.pem
openssl req -new -x509 -days 365 -key ca-key.pem -out ca.pem
openssl genrsa -des3 -out server-key.pem
openssl req -new -key server-key.pem -out server.csr
openssl x509 -req -days 365 -in server.csr -CA ca.pem -CAkey ca-key.pem -out server-cert.pem
openssl genrsa -des3 -out client-key.pem
openssl req -new -key client-key.pem -out client.csr
echo extendedKeyUsage = clientAuth > extfile.cnf
openssl x509 -req -days 365 -in client.csr -CA ca.pem -CAkey ca-key.pem -out client-cert.pem -extfile extfile.cnf
openssl rsa -in server-key.pem -out server-key.pem
openssl rsa -in client-key.pem -out client-key.pem
# server
# sudo docker -d --tlsverify --tlscacert=ca.pem --tlscert=server-cert.pem --tlskey=server-key.pem -H=
# client -- note that this uses --tls instead of --tlsverify, which I had trouble with
# docker --tls --tlscacert=ca.pem --tlscert=client-cert.pem --tlskey=client-key.pem -H=dns-name-of-docker-host:4243
Copy link

vraman0601 commented Aug 14, 2015

Add Overwrite to Certificate to prevent issues in case of multiple installs (like in my case) :(

Copy link

bhurlow commented Dec 29, 2015


Copy link

bhurlow commented Jan 20, 2016

@cameron do you know how to generate a cert thats valid for all IPs as well as * hostname?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment