
Kananek T.


Docker Server Certificate with SSL

Step 1: Create the Certificate Authority (CA)

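# Step 1 builds a private CA: a 4096-bit RSA key encrypted with AES-256
# (openssl prompts for the passphrase) and a self-signed CA certificate.
# HOST is reused by the later steps as the server's CN and IP SAN.
HOST=10.203.1.61
openssl genrsa -aes256 -out ca-key.pem 4096
# Whoever can read ca-key.pem and knows its passphrase can issue certificates
# that every peer trusting ca.pem will accept, so make the file read-only for
# its owner regardless of the umask in effect.
chmod 0400 ca-key.pem
# -days 365: certificates issued by this CA stop validating once ca.pem itself
# expires, so plan the re-issue of the CA and the leaf certificates together.
openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem \
  -subj "/C=TH/ST=Bangkok/L=Sathon/O=dvgamerr/OU=DevOps/CN=$HOST/emailAddress=kananek@dvgamerr.app"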

Step 2: Generate the Server Certificate

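# Writes san.cnf, the OpenSSL config used both for the server CSR and as the
# extension file when the CA signs it. The heredoc delimiter is unquoted, so
# $HOST is expanded by the shell while the file is written: HOST must already
# be set in this shell, otherwise CN and the IP SAN come out empty.
#
# keyUsage now includes digitalSignature. With ECDHE key exchange and with
# TLS 1.3 the server proves possession of its key by signing the handshake,
# which is the digitalSignature usage; a certificate limited to
# keyEncipherment/dataEncipherment can be rejected by clients that enforce
# keyUsage strictly.
cat > san.cnf <<EOF
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no

[req_distinguished_name]
CN = $HOST   # Server IP or hostname

[v3_req]
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
IP.1 = $HOST   # Docker host IP address

EOF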
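# Server key: written without a passphrase (no cipher option is given), so
# file permissions are the only protection it has. Restrict it to its owner.
openssl genrsa -out server-key.pem 4096
chmod 0400 server-key.pem
# A single CSR is enough. Generating one with -subj first and then a second
# one with -config san.cnf just overwrites server.csr; the subject (CN) comes
# from san.cnf because it sets prompt = no.
openssl req -new -sha256 -key server-key.pem -out server.csr -config san.cnf
# The CA signs the CSR. The extensions of the issued certificate (key usage,
# serverAuth, IP SAN) are taken from the v3_req section of san.cnf through
# -extfile/-extensions. ca.pem and ca-key.pem are read from the current
# directory; openssl prompts for the CA key passphrase.
openssl x509 -req -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial \
  -out server-cert.pem -days 365 -extfile san.cnf -extensions v3_req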

Step 3: Generate the Client Certificate

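# Client key and CSR. key.pem has no passphrase, so restrict it to its owner:
# together with cert.pem it is the credential that authenticates to the
# Docker daemon.
# NOTE(review): presumably run from /home/dvgamerr/.docker, since the files
# are later fetched from that directory - confirm.
openssl genrsa -out key.pem 4096
chmod 0400 key.pem
openssl req -subj '/CN=aorus' -new -key key.pem -out client.csr
# The signing command reads extfile.cnf, so it has to exist first. Marking the
# certificate for client authentication only keeps it from being usable as a
# server certificate.
printf '%s\n' 'extendedKeyUsage = clientAuth' > extfile.cnf
# The CA material lives under /root/.docker here, hence sudo; openssl prompts
# for the CA key passphrase.
sudo openssl x509 -req -in client.csr -CA /root/.docker/ca.pem -CAkey /root/.docker/ca-key.pem -CAcreateserial -out cert.pem -days 365 -extfile extfile.cnf
# cert.pem was written by root; hand it back to the unprivileged user.
sudo chown dvgamerr:dvgamerr cert.pem
# /root is normally not readable by other users, so the copy needs sudo as
# well, and the copy must end up owned by the user who will fetch it.
# Only ca.pem (public) is copied; ca-key.pem stays under /root.
sudo cp -v /root/.docker/ca.pem /home/dvgamerr/.docker
sudo chown dvgamerr:dvgamerr /home/dvgamerr/.docker/ca.pem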

Copy the client certificate files to Windows

# Run on the Windows client: fetch the client private key, the CA certificate
# and the client certificate from aide-pi-61 into the current directory.
# The docker context below expects them in C:/Users/dvgamerr/.docker, so run
# these commands from that directory.
# key.pem is a private key: whoever holds key.pem and cert.pem can drive the
# Docker daemon, which amounts to root on that host. Keep it out of shared or
# synced folders and transfer it only over SSH, as done here.
scp aide-pi-61:/home/dvgamerr/.docker/key.pem .
scp aide-pi-61:/home/dvgamerr/.docker/ca.pem .
scp aide-pi-61:/home/dvgamerr/.docker/cert.pem .
# Register the remote daemon as a Docker context on the client and switch to it.
# HOST must equal the IP placed in the server certificate's subjectAltName,
# otherwise the client's verification of the server certificate fails.
# The daemon-side configuration is not shown on this page: the client
# certificate is only enforced if dockerd itself runs with --tlsverify and
# --tlscacert/--tlscert/--tlskey pointing at ca.pem, server-cert.pem and
# server-key.pem.
HOST=10.203.1.61
docker context create aide-pi-61 \
  --description "Docker context for aide-pi-61" \
  --docker "host=tcp://${HOST}:2376,ca=C:/Users/dvgamerr/.docker/ca.pem,cert=C:/Users/dvgamerr/.docker/cert.pem,key=C:/Users/dvgamerr/.docker/key.pem"
docker context use aide-pi-61
