@superseb
Last active October 26, 2020 14:15
Generate CA, intermediate CA and server certificate with DNS alt names using Terraform in Docker and launch Rancher

Generate CA, intermediate CA and server certificate

docker run --rm -v $PWD/testcerts:/tmp/certs/files -e TF_VAR_ip_addresses='["127.0.0.1"]' -e TF_VAR_dns_names='["yolo.seb.local"]' superseb/intermediate

Run Rancher

Run Rancher container with mounted certificates

docker run -d --privileged -p 80:80 -p 443:443 --restart=unless-stopped -v $PWD/testcerts/server.fullchain.crt:/etc/rancher/ssl/cert.pem -v $PWD/testcerts/server.key:/etc/rancher/ssl/key.pem -v $PWD/testcerts/root_ca.crt:/etc/rancher/ssl/cacerts.pem rancher/rancher

Test certificates using the CA root

docker run --rm -v $PWD/testcerts:/certs --net host appropriate/curl -v --cacert /certs/root_ca.crt https://127.0.0.1

Test Rancher with broken certificate (missing intermediate)

Run Rancher container with mounted certificates (server.crt instead of server.fullchain.crt)

docker run -d --privileged -p 80:80 -p 443:443 --restart=unless-stopped -v $PWD/testcerts/server.crt:/etc/rancher/ssl/cert.pem -v $PWD/testcerts/server.key:/etc/rancher/ssl/key.pem -v $PWD/testcerts/root_ca.crt:/etc/rancher/ssl/cacerts.pem rancher/rancher

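Test certificates using the CA root (verification is expected to fail, because the server no longer sends the intermediate CA certificate)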

docker run --rm -v $PWD/testcerts:/certs --net host appropriate/curl -v --cacert /certs/root_ca.crt https://127.0.0.1
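
The difference between the two Rancher runs above can be reproduced offline with openssl. The script below is an added example, not part of the original gist or of the superseb/intermediate image: it builds a throwaway root, intermediate and server certificate (constructed data; the `intermediate_ca.*` file names and all function names are assumptions) and checks that only the full chain verifies against the root.

```shell
#!/bin/sh
# Added example: throwaway three-tier PKI (constructed data, 1-day validity).
# File names follow the gist; intermediate_ca.* is an assumed name.

make_pki() (  # make_pki DIR: write keys, certs and server.fullchain.crt into DIR
  cd "$1" || exit 1
  cat > ext.cnf <<'EOF'
[ca]
basicConstraints = critical,CA:TRUE
[server]
basicConstraints = CA:FALSE
subjectAltName = DNS:yolo.seb.local,IP:127.0.0.1
EOF
  for n in root_ca intermediate_ca server; do
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=test $n" \
      -keyout "$n.key" -out "$n.csr" 2>/dev/null || exit 1
  done
  openssl x509 -req -in root_ca.csr -signkey root_ca.key -days 1 \
    -extfile ext.cnf -extensions ca -out root_ca.crt 2>/dev/null &&
  openssl x509 -req -in intermediate_ca.csr -CA root_ca.crt -CAkey root_ca.key \
    -set_serial 2 -days 1 -extfile ext.cnf -extensions ca \
    -out intermediate_ca.crt 2>/dev/null &&
  openssl x509 -req -in server.csr -CA intermediate_ca.crt \
    -CAkey intermediate_ca.key -set_serial 3 -days 1 -extfile ext.cnf \
    -extensions server -out server.crt 2>/dev/null &&
  cat server.crt intermediate_ca.crt > server.fullchain.crt
)

# chain_ok ROOT CERTFILE: verify the first cert in CERTFILE against ROOT only;
# any further certs in CERTFILE serve as untrusted intermediates, as they
# would when CERTFILE is what the server presents.
chain_ok() {
  openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

# san_has CERT ENTRY: succeed if ENTRY (e.g. DNS:name) is in the cert's text dump
san_has() {
  openssl x509 -in "$1" -noout -text | grep -qF "$2"
}

demo() {
  d=$(mktemp -d) && make_pki "$d" || return 1
  for f in server.fullchain.crt server.crt; do
    if chain_ok "$d/root_ca.crt" "$d/$f"; then echo "$f: chain verifies"
    else echo "$f: verification fails, no path to root_ca.crt"; fi
  done
  rm -rf "$d"
}
demo
```

The same `chain_ok` check can be pointed at the files in `testcerts` before mounting them into the Rancher container.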