-
-
Save roma86/11666859f16ba9ec6c77 to your computer and use it in GitHub Desktop.
Add self signed sertificate to boot2docker
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ##This script help solve boot2docker self signed certificates issue | |
| **Start here:** | |
| irgeek [shared his solution](https://github.com/boot2docker/boot2docker/issues/347#issuecomment-70950789) | |
| I had to solve this for a second time today as I restarted the VM without realising the way I did it last time wouldn't be persisted. So I created /var/lib/boot2docker/certs/, chucked all of the private certs I need in there and added created /var/lib/boot2docker/bootlocal.sh to install them. Gisted for everyone's downloading pleasure: https://gist.github.com/irgeek/afb2e05775fff532f960 | |
| Some notes about the certs in the /var/lib/boot2docker/certs/ directory: | |
| They need to be PEM formatted | |
| If you're behind a corporate MITM proxy, you should to add all the certificates in the chain. | |
| One cert per file. If you've been given a chain file, just split out the individual certs. Naming the files based on subject makes figuring out what's there so much easier too. For the lazy, the following commands will split a chain file into individual files and rename them based on the certificate subject: | |
| ###For me this is not works. But [this comment was helpful:](https://github.com/boot2docker/boot2docker/issues/347#issuecomment-78528680) | |
| I got it working in a similar manner: | |
| sudo chmod +x /var/lib/boot2docker/bootlocal.sh | |
| exit | |
| boot2docker restart |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| BOOT2DOCKER_CERTS_DIR=/var/lib/boot2docker/certs | |
| CERTS_DIR=/etc/ssl/certs | |
| CAFILE=${CERTS_DIR}/ca-certificates.crt | |
| for cert in $(/bin/ls -1 ${BOOT2DOCKER_CERTS_DIR}); do | |
| SRC_CERT_FILE=${BOOT2DOCKER_CERTS_DIR}/${cert} | |
| CERT_FILE=${CERTS_DIR}/${cert} | |
| HASH_FILE=${CERTS_DIR}/$(/usr/local/bin/openssl x509 -noout -hash -in ${SRC_CERT_FILE} 2>/dev/null) | |
| [ ! -L ${CERT_FILE} ] && /bin/ln -fs ${SRC_CERT_FILE} ${CERT_FILE} | |
| for idx in $(/usr/bin/seq 0 9); do | |
| if [ -L ${HASH_FILE}.${idx} ]; then | |
| [ "$(/usr/bin/readlink ${HASH_FILE}.${idx})" = "${SRC_CERT_FILE}" ] && break | |
| else | |
| /bin/ln -fs ${SRC_CERT_FILE} ${HASH_FILE}.${idx} | |
| break | |
| fi | |
| done | |
| /bin/cat ${SRC_CERT_FILE} >> ${CAFILE} | |
| done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment