Skip to content

Instantly share code, notes, and snippets.

@capoferro

capoferro/docker-ssl-cert-generate

Forked from cameron/docker-ssl-cert-generate
Last active May 14, 2017 02:09
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save capoferro/ba4b5b446aa6b62604cb17029c29a06c to your computer and use it in GitHub Desktop.
Save capoferro/ba4b5b446aa6b62604cb17029c29a06c to your computer and use it in GitHub Desktop.
Download ZIP
Generate self-signed SSL certs for docker client <— HTTPS —> daemon
Raw
docker-ssl-cert-generate
#! /bin/bash
# HEADS UP! Make sure to use '*' or a valid hostname for the FDQN prompt
echo 01 > ca.srl
openssl genrsa -out ca-key.pem
openssl req -new -x509 -days 365 -key ca-key.pem -out ca.pem
openssl genrsa -out server-key.pem
openssl req -new -key server-key.pem -out server.csr
echo subjectAltName = DNS:$HOST,IP:10.10.10.20,IP:127.0.0.1 > extfile.cnf
openssl x509 -req -days 365 -in server.csr -CA ca.pem -CAkey ca-key.pem -out server-cert.pem -extfile extfile.cnf
openssl genrsa -out client-key.pem
openssl req -new -key client-key.pem -out client.csr
echo extendedKeyUsage = clientAuth > client-extfile.cnf
openssl x509 -req -days 365 -in client.csr -CA ca.pem -CAkey ca-key.pem -out client-cert.pem -extfile client-extfile.cnf
openssl rsa -in server-key.pem -out server-key.pem
openssl rsa -in client-key.pem -out client-key.pem
# server
# sudo docker -d --tlsverify --tlscacert=ca.pem --tlscert=server-cert.pem --tlskey=server-key.pem -H=0.0.0.0:4243
# client -- note that this uses --tls instead of --tlsverify, which I had trouble with
# docker --tls --tlscacert=ca.pem --tlscert=client-cert.pem --tlskey=client-key.pem -H=dns-name-of-docker-host:4243
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment