```
# openssl genrsa -aes256 -out ca-key.pem 4096
Generating RSA private key, 4096 bit long modulus
.................................................................................................................................................++
.........................................++
e is 65537 (0x10001)
Enter pass phrase for ca-key.pem:
Verifying - Enter pass phrase for ca-key.pem:
# openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem
Enter pass phrase for ca-key.pem:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Zhejiang
Locality Name (eg, city) []:Hangzhou
Organization Name (eg, company) [Internet Widgits Pty Ltd]:superjambo.net
Organizational Unit Name (eg, section) []:marketing
Common Name (e.g. server FQDN or YOUR name) []:www.superjambo.net
Email Address []:[email protected]
```
We now have the CA certificate (ca.pem, which carries the public key) and the CA private key (ca-key.pem) used to sign certificates. Next we generate the server-side private key and its certificate signing request (CSR).
```
# openssl genrsa -out server-key.pem 4096
Generating RSA private key, 4096 bit long modulus
..................................................................++
..................................................................................................................................................................................++
e is 65537 (0x10001)
```
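The CA and server-key steps above, carried through to the end, as an added example that is not part of the original post: the CA key and certificate are created without prompts, the server CSR is signed with a subjectAltName (which is what `--tlsverify` checks the host name against), a client certificate is issued for the `docker` command, and an offline check confirms that both leaf certificates chain to ca.pem. The host name `docker.example.net`, the passphrase string, the file names `server-cert.pem`, `cert.pem` and `key.pem`, and the 2048-bit key size (the post uses 4096) are constructed for this example; only `openssl` on PATH is assumed.

```shell
#!/bin/sh
# Added example, not the original post's commands: the CA and server steps
# done non-interactively and carried through to a signed server cert (with a
# subjectAltName), a signed client cert, and an offline verification.
# Constructed values: docker.example.net, the passphrase, the file names
# server-cert.pem / cert.pem / key.pem, and 2048-bit keys (post uses 4096).
set -e

# gen_docker_tls DIR HOST CA_PASSPHRASE  (runs in a subshell so cd is local)
gen_docker_tls() (
    dir="$1"; host="$2"; ca_pass="$3"
    mkdir -p "$dir" && cd "$dir"

    # Minimal req config: empty DN section (subjects come from -subj) plus the
    # CA extensions, so ca.pem is a real CA whatever the system openssl.cnf says.
    printf '%s\n' '[req]' 'distinguished_name = dn' '[dn]' '[ca_ext]' \
        'basicConstraints = critical,CA:TRUE' \
        'keyUsage = critical,keyCertSign,cRLSign' > openssl.cnf

    # 1. CA key (AES-256 encrypted, as in the post) and self-signed CA certificate.
    openssl genrsa -aes256 -passout "pass:$ca_pass" -out ca-key.pem 2048 2>/dev/null
    openssl req -new -x509 -config openssl.cnf -extensions ca_ext -days 365 -sha256 \
        -key ca-key.pem -passin "pass:$ca_pass" -subj "/CN=example-docker-ca" -out ca.pem

    # 2. Server key + CSR, signed by the CA. The client verifies the host name
    #    against subjectAltName, so every name/IP clients will use must be listed.
    openssl genrsa -out server-key.pem 2048 2>/dev/null
    openssl req -new -config openssl.cnf -sha256 -key server-key.pem \
        -subj "/CN=$host" -out server.csr
    printf 'subjectAltName = DNS:%s,IP:127.0.0.1\nextendedKeyUsage = serverAuth\n' \
        "$host" > server-ext.cnf
    openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \
        -passin "pass:$ca_pass" -CAcreateserial -extfile server-ext.cnf \
        -out server-cert.pem 2>/dev/null

    # 3. Client key + certificate, limited to clientAuth so a leaked client cert
    #    cannot be presented as a server certificate.
    openssl genrsa -out key.pem 2048 2>/dev/null
    openssl req -new -config openssl.cnf -sha256 -key key.pem \
        -subj "/CN=docker-client" -out client.csr
    printf 'extendedKeyUsage = clientAuth\n' > client-ext.cnf
    openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem \
        -passin "pass:$ca_pass" -CAcreateserial -extfile client-ext.cnf \
        -out cert.pem 2>/dev/null

    rm -f server.csr client.csr server-ext.cnf client-ext.cnf openssl.cnf
    chmod 0400 ca-key.pem server-key.pem key.pem   # private keys: owner read-only
    chmod 0444 ca.pem server-cert.pem cert.pem     # certificates are public
)

# check_docker_tls DIR HOST: returns 0 if both leaf certs chain to DIR/ca.pem
# and the server cert carries DNS:HOST, 1 otherwise.
check_docker_tls() {
    openssl verify -CAfile "$1/ca.pem" "$1/server-cert.pem" >/dev/null 2>&1 || return 1
    openssl verify -CAfile "$1/ca.pem" "$1/cert.pem" >/dev/null 2>&1 || return 1
    openssl x509 -in "$1/server-cert.pem" -noout -text | grep -q "DNS:$2" || return 1
}

out=$(mktemp -d)
gen_docker_tls "$out" docker.example.net 'constructed-passphrase-change-me'
check_docker_tls "$out" docker.example.net && echo "TLS material verified in $out"
```

The three files the post later hands to the client (`--tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem`) are produced here as ca.pem, cert.pem and key.pem; the daemon side takes ca.pem, server-cert.pem and server-key.pem through the same-named `dockerd` flags together with `--tlsverify` and a `-H tcp://0.0.0.0:2376` listener. The CA key never needs to leave the machine that issued the certificates.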
```
# DOCKER_HOST=www.superjambo.net:2376 docker ps
Get http://www.superjambo.net:2376/v1.21/containers/json: malformed HTTP response "\x15\x03\x01\x00\x02\x02".
* Are you trying to connect to a TLS-enabled daemon without TLS?
```
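The bytes in that error are worth reading: `0x15 0x03 0x01` is a TLS record header of type 21 (alert) with protocol version 3.1, `0x00 0x02` is the record length, and the trailing `0x02` is the alert level (fatal); the description byte is cut off in Docker's dump. The daemon answered a plaintext HTTP request with a TLS alert, which is exactly the situation the hint describes. The following decoder is an added example, not part of the original post; its only input is the string from the error above, and the alert-description names are the standard TLS values.

```shell
#!/bin/sh
# Added example, not from the original post: interpret the bytes Docker dumps
# in a "malformed HTTP response" error as a TLS record. The sample input is
# the string from the error above; the rest is constructed for this example.
set -e

# hexbyte HEX RANGE: value of the hex digits at cut(1) range RANGE, e.g. 1-2
hexbyte() { echo $(( 0x$(printf '%s' "$1" | cut -c"$2") )); }

# decode_tls_alert '\x15\x03\x01\x00\x02\x02'
# Prints one line describing the record. Returns 0 for a TLS alert record,
# 1 if the dump is too short or is some other record type.
decode_tls_alert() {
    hex=$(printf '%s' "$1" | sed 's/\\x//g')       # "150301000202"
    nbytes=$(( ${#hex} / 2 ))
    if [ "$nbytes" -lt 6 ]; then
        echo "only $nbytes bytes: shorter than a TLS record header plus alert level"
        return 1
    fi
    type=$(hexbyte "$hex" 1-2); major=$(hexbyte "$hex" 3-4); minor=$(hexbyte "$hex" 5-6)
    length=$(hexbyte "$hex" 7-10); level=$(hexbyte "$hex" 11-12)
    if [ "$type" -ne 21 ]; then
        echo "record type $type is not a TLS alert (21)"
        return 1
    fi
    case $level in 1) lvl=warning ;; 2) lvl=fatal ;; *) lvl="unknown($level)" ;; esac
    if [ "$nbytes" -ge 7 ]; then
        desc=$(hexbyte "$hex" 13-14)
        case $desc in
            0)  name=close_notify ;;
            10) name=unexpected_message ;;
            40) name=handshake_failure ;;
            42) name=bad_certificate ;;
            46) name=certificate_unknown ;;
            48) name=unknown_ca ;;
            *)  name=other ;;
        esac
        desc_txt="description $desc ($name)"
    else
        desc_txt="description byte not shown (Docker truncated the dump)"
    fi
    echo "TLS alert record: version $major.$minor, length $length, level $lvl, $desc_txt"
}

decode_tls_alert '\x15\x03\x01\x00\x02\x02'
```

Seeing this pattern in client logs is a quick way to distinguish "the daemon is TLS-only and I spoke plaintext" from a daemon that is simply down or firewalled, where there would be a connection error rather than a TLS alert.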
Now we connect again, this time presenting the certificates, and see what happens.
```
# DOCKER_HOST=mynas:2376 docker --tlsverify --tlscacert=/etc/default/docker.d/ca.pem --tlscert=/etc/default/docker.d/cert.pem --tlskey=/etc/default/docker.d/key.pem ps
CONTAINER ID        IMAGE                  COMMAND              CREATED             STATUS              PORTS                                                          NAMES
9820c8c9f726        dperson/transmission   "transmission.sh"    7 months ago        Up 22 minutes       0.0.0.0:9091->9091/tcp, 0.0.0.0:51413->51413/tcp, 51413/udp   transmission
```
```
# docker ps
CONTAINER ID        IMAGE                  COMMAND              CREATED             STATUS              PORTS                                                          NAMES
9820c8c9f726        dperson/transmission   "transmission.sh"    7 months ago        Up 26 minutes       0.0.0.0:9091->9091/tcp, 0.0.0.0:51413->51413/tcp, 51413/udp   transmission
```