Skip to content

Instantly share code, notes, and snippets.

@leanderjanssen
Created April 8, 2017 15:23
Show Gist options
  • Save leanderjanssen/30d4b67fa235ef39c8e2db2fbf503d5a to your computer and use it in GitHub Desktop.
Save leanderjanssen/30d4b67fa235ef39c8e2db2fbf503d5a to your computer and use it in GitHub Desktop.
Create Registry Server certificate
#!/bin/bash
# Retrieve public and private ip of instance
PUBLIC_HOSTNAME=$(curl -s http://169.254.169.254/latest/meta-data/public-hostname)
PUBLIC_IP=$(curl -s http://169.254.169.254/latest/meta-data/public-ipv4)
PRIVATE_IP=$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)
# Generate openssl config for self-signed certificate with SANs
cat << EOF > ~/domain.cnf
[ ca ]
default_ca = CA_default
[ CA_default ]
x509_extensions = usr_cert
name_opt = ca_default
cert_opt = ca_default
default_days = 365
default_crl_days = 30
default_md = default
preserve = no
[ req ]
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca
string_mask = utf8only
[ req_distinguished_name ]
[ req_attributes ]
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = CA:true
subjectAltName = @alt_names
[alt_names]
DNS.1 = ${PUBLIC_HOSTNAME}
IP.1 = ${PUBLIC_IP}
IP.2 = ${PRIVATE_IP}
EOF
# Generate self-signed certificate for Registry Server
openssl req -newkey rsa:2048 -nodes -sha256 -keyout domain.key -x509 \
-subj "/CN=${PUBLIC_HOSTNAME}/OU=Registry Server/O=Docker Training/L=London/C=UK" \
-config ~/domain.cnf -days 365 -out domain.crt
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment