Use TLS (HTTPS) 主要过程及文件作用
-
生成CA根证书
openssl genrsa -aes256 -out ca-key.pem 4096   # ca-key(CA 私钥,-aes256 表示用口令加密保存)
openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem   # ca(自签名的 CA 根证书)
-
利用CA生成其他证书[服务端,客户端]
openssl genrsa -out server-key.pem 4096   # server key
openssl req -subj "/CN=$HOST" -sha256 -new -key server-key.pem -out server.csr   # 用服务端 key 生成 CSR,可以绑定主机
openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem -extfile extfile.cnf   # 利用 CA、CA key、CSR 签发服务端证书
注:extfile.cnf 需要事先准备(本页未给出其内容),通常在其中写入 subjectAltName(客户端实际连接所用的主机名/IP)以及 extendedKeyUsage = serverAuth。
-
使用已存在的 CA 制作 client cert。CA 文件位于 C:\Users\Administrator/.docker\machine\certs 目录:ca.pem、ca-key.pem。注意:ca-key.pem 是 CA 私钥,持有它即可签发被该 Docker 守护进程信任的客户端证书,应限制访问权限,不要上传或分发。
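# Issue a TLS client certificate signed by an existing CA.
#
# Prerequisites: ca.pem (CA certificate) and ca-key.pem (CA private key) are
# in the current directory.
# Outputs:       client.key (private key), client.csr (signing request),
#                client-extfile.cnf (X.509 extensions), client.crt (signed
#                certificate), and ca.srl (CA serial file, created if missing).
echo ""
echo "========generate Client cert and key files========"
echo ""
# client.key is the client's private key: anyone holding it together with
# client.crt can authenticate to the daemon, so keep it out of shared
# locations and version control.
openssl genrsa -out client.key 2048
# Interactive: openssl prompts for the subject fields of the request.
openssl req -new -key client.key -out client.csr
# Limit the certificate to TLS client authentication so it cannot be
# presented as a server certificate.
printf '%s\n' "extendedKeyUsage = clientAuth" > client-extfile.cnf
echo ""
echo "========sign client cert with CA========"
echo ""
# -CAcreateserial replaces the fixed "-set_serial 01": a constant serial makes
# every certificate issued by this CA share one serial number, which breaks
# revocation by serial and violates issuer+serial uniqueness. This also matches
# how the server certificate is signed. -sha256 pins the signature digest
# instead of relying on the installed OpenSSL default.
openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out client.crt -extfile client-extfile.cnf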
- 在Portainer新增Endpoints 配置
上传 client.crt 与 client.key(client.key 为客户端私钥,请妥善保管;若在 Portainer 中同时启用了对服务端证书的校验,还需一并上传 ca.pem)