DEV Community

Kananek T.

Docker Server Certificate with SSL

Step 1: Create the Certificate Authority (CA)

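```bash
# IP address (or hostname) of the Docker host; reused in the following steps
HOST=10.203.1.61
# CA private key, encrypted with AES-256 (prompts for a passphrase)
openssl genrsa -aes256 -out ca-key.pem 4096
# Self-signed CA certificate, valid for 365 days
openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem \
  -subj "/C=TH/ST=Bangkok/L=Sathon/O=dvgamerr/OU=DevOps/CN=$HOST/emailAddress=kananek@dvgamerr.app"
```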

Step 2: Generate the Server Certificate

```bash
# $HOST must still be set from Step 1; the unquoted heredoc expands it
cat > san.cnf <<EOF
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no

[req_distinguished_name]
CN = $HOST   # Server IP or hostname

[v3_req]
# digitalSignature is needed for ECDHE key exchange and TLS 1.3
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
IP.1 = $HOST   # Docker host IP address

EOF
```

```bash
openssl genrsa -out server-key.pem 4096
# Build the CSR from san.cnf (subject and requested extensions come from the config)
openssl req -new -key server-key.pem -out server.csr -config san.cnf
# Sign with the CA and write the v3_req extensions (SAN, key usage) into the certificate
openssl x509 -req -in server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem -days 365 -extfile san.cnf -extensions v3_req
```

Step 3: Generate the Client Certificate

```bash
openssl genrsa -out key.pem 4096
openssl req -subj '/CN=aorus' -new -key key.pem -out client.csr
# Extensions for the client certificate: mark it for TLS client authentication
echo "extendedKeyUsage = clientAuth" > extfile.cnf
sudo openssl x509 -req -in client.csr -CA /root/.docker/ca.pem -CAkey /root/.docker/ca-key.pem -CAcreateserial -out cert.pem -days 365 -extfile extfile.cnf
sudo chown -R dvgamerr:dvgamerr cert.pem
# /root/.docker is only readable by root, so the copy needs sudo as well
sudo cp -v /root/.docker/ca.pem /home/dvgamerr/.docker
```

Copy the client certificate to Windows

```bash
scp aide-pi-61:/home/dvgamerr/.docker/key.pem .
scp aide-pi-61:/home/dvgamerr/.docker/ca.pem .
scp aide-pi-61:/home/dvgamerr/.docker/cert.pem .
```
```bash
# Bash syntax (for example Git Bash on Windows); HOST is the Docker host from Step 1
HOST=10.203.1.61
docker context create aide-pi-61 --description "Docker context for aide-pi-61" --docker "host=tcp://$HOST:2376,ca=C:/Users/dvgamerr/.docker/ca.pem,cert=C:/Users/dvgamerr/.docker/cert.pem,key=C:/Users/dvgamerr/.docker/key.pem"
docker context use aide-pi-61
```
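A way to confirm that the files from Steps 1-3 will pass mutual TLS, as an added example that is not part of the original post: it checks the chain to the CA, the extended key usage, the SAN entry and the key/certificate pairing with the `openssl` CLI. The function names and the throwaway demo PKI are constructed for illustration; only the file names and the IP come from the post.

```shell
#!/usr/bin/env bash
# Added example: sanity checks for the PEM files from Steps 1-3 (helper names are hypothetical).

# verify_cert CA CERT PURPOSE: 0 if CERT chains to CA and may be used for PURPOSE
# (PURPOSE is an `openssl verify -purpose` name: sslserver or sslclient).
verify_cert() {
  openssl verify -CAfile "$1" -purpose "$3" "$2" >/dev/null 2>&1
}

# san_has_ip CERT IP: 0 if IP is listed in the certificate's subjectAltName.
san_has_ip() {
  openssl x509 -in "$1" -noout -checkip "$2" 2>/dev/null | grep -q 'does match'
}

# key_matches_cert KEY CERT: 0 if the (unencrypted) private key belongs to the certificate.
key_matches_cert() {
  local pub; pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  [ -n "$pub" ] && [ "$pub" = "$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ]
}

# make_demo_pki DIR IP: constructed throwaway CA plus server and client certificates,
# same file names as the post, 2048-bit unencrypted keys so it runs without prompts.
make_demo_pki() {
  ( cd "$1" || exit 1
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca-key.pem -out ca.pem \
      -days 1 -subj "/CN=demo-ca" || exit 1
    printf '[v3_req]\nextendedKeyUsage = serverAuth\nsubjectAltName = IP:%s\n' "$2" > san.cnf
    openssl req -new -newkey rsa:2048 -nodes -keyout server-key.pem -out server.csr \
      -subj "/CN=$2" || exit 1
    openssl x509 -req -in server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial \
      -out server-cert.pem -days 1 -extfile san.cnf -extensions v3_req || exit 1
    echo 'extendedKeyUsage = clientAuth' > extfile.cnf
    openssl req -new -newkey rsa:2048 -nodes -keyout key.pem -out client.csr \
      -subj "/CN=demo-client" || exit 1
    openssl x509 -req -in client.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial \
      -out cert.pem -days 1 -extfile extfile.cnf
  ) >/dev/null 2>&1
}

# Demo run on the constructed PKI; 10.203.1.61 is the HOST value used in the post.
d=$(mktemp -d) && make_demo_pki "$d" 10.203.1.61
verify_cert "$d/ca.pem" "$d/server-cert.pem" sslserver && echo "server: chain + serverAuth OK"
san_has_ip "$d/server-cert.pem" 10.203.1.61 && echo "server: SAN covers 10.203.1.61"
verify_cert "$d/ca.pem" "$d/cert.pem" sslclient && echo "client: chain + clientAuth OK"
key_matches_cert "$d/key.pem" "$d/cert.pem" && echo "client: key matches cert"
verify_cert "$d/ca.pem" "$d/server-cert.pem" sslclient || echo "server cert refused as client cert"
rm -rf "$d"
```

On the Docker host, call the same functions on `ca.pem`, `server-cert.pem`, `cert.pem` and `key.pem` from the steps above instead of the demo directory.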
