Fix common name issue.

The web server's cn name should be different with the CA's common name
other wise we cannot vew the harbor UI if we use this scripte to create
certificate.
This commit is contained in:
yixingj 2017-06-26 13:06:14 +08:00
parent 6e0f274c07
commit 4a583b0229

View File

@ -17,12 +17,12 @@ fi
# Create CA certificate
openssl req \
-newkey rsa:4096 -nodes -sha256 -keyout harbor_ca.key \
-x509 -days 365 -out harbor_ca.crt -subj '/C=CN/ST=PEK/L=Bei Jing/O=VMware/CN=Harbor CA'
-x509 -days 365 -out harbor_ca.crt -subj '/C=CN/ST=PEK/L=Bei Jing/O=VMware/CN=HarborCA'
# Generate a Certificate Signing Request
openssl req \
-newkey rsa:4096 -nodes -sha256 -keyout $IP.key \
-out $IP.csr -subj '/C=CN/ST=PEK/L=Bei Jing/O=VMware/CN=Harbor CA'
-out $IP.csr -subj '/C=CN/ST=PEK/L=Bei Jing/O=VMware/CN=HarborManager'
# Generate the certificate of local registry host
echo subjectAltName = IP:$IP > extfile.cnf
@ -32,4 +32,4 @@ openssl x509 -req -days 365 -in $IP.csr -CA harbor_ca.crt \
# Copy to harbor default location
mkdir -p /data/cert
cp $IP.crt /data/cert/server.crt
cp $IP.key /data/cert/server.key
cp $IP.key /data/cert/server.key