@gitawego
Last active August 30, 2016 13:38
generate self signed certificates for docker
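#! /bin/bash
# Builds a private root CA and a server certificate signed by it, for use with
# a Docker registry. Everything is written to ./certs-tmp next to this script:
#   ${CERT_ROOT}.key / ${CERT_ROOT}.crt  - root CA private key and certificate
#   ${CERT_NAME}.key / ${CERT_NAME}.crt  - registry server private key and certificate
# Requires registry-openssl.cnf in the same directory as this script.

# Stop at the first failing command. Without this, a failed `cd` would let the
# `rm -rf` below run in whatever directory the caller happened to be in.
set -euo pipefail

# Two unencrypted private keys are written below; create files owner-only so
# they are never briefly world-readable. The public certificates are opened up
# again at the end.
umask 077

SCRIPT_PATH=$(cd "$(dirname "$0")" && pwd)
# HEADS UP! Make sure to use '*' or a valid hostname for the FQDN prompt.
# TLS clients match the registry host against the subjectAltName entries, so
# the [alt_names] section of registry-openssl.cnf must list every name and IP
# the registry is reached by.
CERT_NAME=domain
CERT_ROOT=domainroot
# DOMAIN_NAME and FOLDER are not referenced anywhere below; kept as in the
# original in case a caller relies on them.
DOMAIN_NAME=domain
FOLDER="${SCRIPT_PATH}/certs/self-signed"
CERTS_TMP=certs-tmp

cd "${SCRIPT_PATH}"
mkdir -p "${CERTS_TMP}"
# ${VAR:?} aborts if the variable is ever empty, so this can never expand to `rm -rf /*`.
rm -rf -- "${CERTS_TMP:?}"/*
cd "${CERTS_TMP}"
cp ../registry-openssl.cnf ./openssl.cnf

# Generate the root CA key. It is stored unencrypted: whoever can read it can
# issue certificates that every client trusting ${CERT_ROOT}.crt will accept,
# so move it off the registry host once signing is done.
openssl genrsa -out "${CERT_ROOT}.key" 2048

# Generate the root certificate (enter whatever you'd like at the prompts).
# This is the file distributed to each docker client.
# -sha256 is explicit because older OpenSSL builds default to SHA-1.
# No -config is given, so the CA extensions come from the system default
# OpenSSL configuration.
# NOTE(review): 10000 days (~27 years) is a long life for a 2048-bit root with
# no revocation path; consider a shorter lifetime or a larger key.
openssl req -x509 -new -nodes -sha256 -key "${CERT_ROOT}.key" -days 10000 -out "${CERT_ROOT}.crt"

# Generate the key for the registry server.
openssl genrsa -out "${CERT_NAME}.key" 2048

# Make a certificate signing request for the registry server.
openssl req -new -sha256 -out "${CERT_NAME}.csr" -key "${CERT_NAME}.key" -config openssl.cnf
# To inspect the request:
#openssl req -text -noout -in ${CERT_NAME}.csr

# Sign the registry server certificate with the root CA. The v3_req section is
# passed again here because x509 -req does not copy extensions from the CSR by
# default; without it the certificate would carry no subjectAltName.
openssl x509 -req -sha256 -in "${CERT_NAME}.csr" -CA "${CERT_ROOT}.crt" -CAkey "${CERT_ROOT}.key" -CAcreateserial -out "${CERT_NAME}.crt" -days 10000 -extensions v3_req -extfile openssl.cnf

# Certificates are public; restore normal read permissions. Keys stay 0600.
chmod 644 "${CERT_ROOT}.crt" "${CERT_NAME}.crt"

# Optional: trust the root system-wide on a client (SERVER is not defined in
# this script and must be set first). This makes the host accept ANY
# certificate issued by this root, for any site. To limit trust to the
# registry alone, place the root certificate at
# /etc/docker/certs.d/<registry-host:port>/ca.crt instead.
#sudo mkdir /usr/local/share/ca-certificates/${SERVER}
#sudo cp ${CERT_ROOT}.crt /usr/local/share/ca-certificates/${SERVER}/${CERT_ROOT}.crt
#sudo update-ca-certificates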
# OpenSSL request configuration for the registry server certificate.
# NOTE(review): presumably the registry-openssl.cnf that the generator script
# copies to openssl.cnf - confirm.
[req]
# Section holding the X.509 extensions added to the signing request.
req_extensions = v3_req
# Section describing the subject (distinguished name) fields.
distinguished_name = req_distinguished_name
[req_distinguished_name]
# "prompt = no" is not set, so `openssl req` asks for each field interactively.
# In that mode "<field> = text" is the PROMPT LABEL that is displayed and
# "<field>_default" is the value used when Enter is pressed.
# NOTE(review): FR / ILE DE FRANCE / PARIS / FOOD are therefore only labels;
# accepting the defaults gives US / MN / Minneapolis / Domain Control Validated.
# Confirm which subject values are actually intended.
countryName = FR
countryName_default = US
stateOrProvinceName = ILE DE FRANCE
stateOrProvinceName_default = MN
localityName = PARIS
localityName_default = Minneapolis
organizationalUnitName = FOOD
organizationalUnitName_default = Domain Control Validated
# Prompt label for the common name; no commonName_default is defined here.
# NOTE(review): the label suggests a company name, but for a server
# certificate the common name is normally the registry host name.
commonName = YOUR_COMPANY_NAME
# Longest common name accepted at the prompt.
commonName_max = 64
[ v3_req ]
# Extensions to add to a certificate request
# `openssl x509 -req` does not copy request extensions by default; the signing
# command has to name this section via -extensions/-extfile for these values
# to reach the issued certificate.
# CA:FALSE marks an end-entity certificate that cannot issue other certificates.
basicConstraints = CA:FALSE
# NOTE(review): nonRepudiation is not needed for a TLS server, and no
# extendedKeyUsage (e.g. serverAuth) restricts the certificate to server use -
# consider tightening.
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# Take the subject alternative names from the [alt_names] section.
subjectAltName = @alt_names
[alt_names]
# Every DNS name and IP address the certificate is valid for. Clients reaching
# the registry under any other name or address will fail verification, so keep
# this list exact and no broader than needed.
DNS.1 = registry.domain.net
DNS.2 = domain.net
IP.1 = 192.168.100.16
IP.2 = 192.168.101.14