From e55aa47641f99958f5bb481a96a483abda951c86 Mon Sep 17 00:00:00 2001 From: yhua Date: Fri, 11 Nov 2016 18:39:24 +0800 Subject: [PATCH 1/4] modify openssl ca to openssl x509 for certificate format --- docs/configure_https.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/configure_https.md b/docs/configure_https.md index 9281d8125..6eed677c7 100644 --- a/docs/configure_https.md +++ b/docs/configure_https.md @@ -39,14 +39,15 @@ On Ubuntu, the config file of openssl locates at **/etc/ssl/openssl.cnf**. Refer If you're using FQDN like **reg.yourdomain.com** to connect your registry host, then run this command to generate the certificate of your registry host: ``` - openssl ca -in yourdomain.com.csr -out yourdomain.com.crt -cert ca.crt -keyfile ca.key -outdir . + openssl x509 -req -days 365 -in yourdomain.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out yourdomain.com.crt ``` If you're using **IP**, say **192.168.1.101** to connect your registry host, you may instead run the command below: ``` echo subjectAltName = IP:192.168.1.101 > extfile.cnf - openssl ca -in yourdomain.com.csr -out yourdomain.com.crt -cert ca.crt -keyfile ca.key -extfile extfile.cnf -outdir . + openssl x509 -req -days 365 -in yourdomain.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -extfile extfile.cnf -out yourdomain.com +.crt ``` ##Configuration and Installation After obtaining the **yourdomain.com.crt** and **yourdomain.com.key** files, @@ -124,3 +125,4 @@ If you've mapped nginx 443 port to another, you need to add the port to login, l update-ca-trust ``` + From 374f8179243cc0302e78f4de2d39ca09cce483d1 Mon Sep 17 00:00:00 2001 From: yhua123 Date: Tue, 15 Nov 2016 14:05:42 +0800 Subject: [PATCH 2/4] Update configure_https.md remove serial part in demoCA directory --- docs/configure_https.md | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/docs/configure_https.md b/docs/configure_https.md index 6eed677c7..83974af3e 100644 --- a/docs/configure_https.md +++ b/docs/configure_https.md @@ -27,15 +27,8 @@ Otherwise, if you use IP address to connect your registry host, CN can be anythi ``` 3) Generate the certificate of your registry host: -On Ubuntu, the config file of openssl locates at **/etc/ssl/openssl.cnf**. Refer to openssl document for more information. The default CA directory of openssl is called demoCA. Let's create necessary directories and files: +On Ubuntu, the config file of openssl locates at **/etc/ssl/openssl.cnf**. Refer to openssl document for more information. The default CA directory of openssl is called demoCA. -``` - mkdir demoCA - cd demoCA - touch index.txt - echo '01' > serial - cd .. -``` If you're using FQDN like **reg.yourdomain.com** to connect your registry host, then run this command to generate the certificate of your registry host: ``` From 34d58846473254b49603b694ef570fd43da36fc8 Mon Sep 17 00:00:00 2001 From: yhua123 Date: Tue, 15 Nov 2016 14:08:08 +0800 Subject: [PATCH 3/4] Update configure_https.md remove serial part in demoCA directory(1) --- docs/configure_https.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configure_https.md b/docs/configure_https.md index 83974af3e..8c12af0f3 100644 --- a/docs/configure_https.md +++ b/docs/configure_https.md @@ -27,7 +27,7 @@ Otherwise, if you use IP address to connect your registry host, CN can be anythi ``` 3) Generate the certificate of your registry host: -On Ubuntu, the config file of openssl locates at **/etc/ssl/openssl.cnf**. Refer to openssl document for more information. The default CA directory of openssl is called demoCA. +On Ubuntu, the config file of openssl locates at **/etc/ssl/openssl.cnf**. Refer to openssl document for more information. If you're using FQDN like **reg.yourdomain.com** to connect your registry host, then run this command to generate the certificate of your registry host: From 48ef9bed306c98e9a7b57ecad976e59a374446f0 Mon Sep 17 00:00:00 2001 From: yhua123 Date: Tue, 15 Nov 2016 15:11:07 +0800 Subject: [PATCH 4/4] Update configure_https.md remove update openssl.cnf part --- docs/configure_https.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/configure_https.md b/docs/configure_https.md index 8c12af0f3..0c3641066 100644 --- a/docs/configure_https.md +++ b/docs/configure_https.md @@ -27,8 +27,6 @@ Otherwise, if you use IP address to connect your registry host, CN can be anythi ``` 3) Generate the certificate of your registry host: -On Ubuntu, the config file of openssl locates at **/etc/ssl/openssl.cnf**. Refer to openssl document for more information. - If you're using FQDN like **reg.yourdomain.com** to connect your registry host, then run this command to generate the certificate of your registry host: ```