mirror of
https://github.com/goharbor/harbor.git
synced 2024-12-20 23:57:42 +01:00
Merge pull request #1071 from yhua123/ssltest
modify openssl ca to openssl x509 for certificate format
This commit is contained in:
commit
978feeacc9
@ -27,26 +27,18 @@ Otherwise, if you use IP address to connect your registry host, CN can be anythi
|
|||||||
```
|
```
|
||||||
3) Generate the certificate of your registry host:
|
3) Generate the certificate of your registry host:
|
||||||
|
|
||||||
On Ubuntu, the config file of openssl locates at **/etc/ssl/openssl.cnf**. Refer to openssl document for more information. The default CA directory of openssl is called demoCA. Let's create necessary directories and files:
|
|
||||||
|
|
||||||
```
|
|
||||||
mkdir demoCA
|
|
||||||
cd demoCA
|
|
||||||
touch index.txt
|
|
||||||
echo '01' > serial
|
|
||||||
cd ..
|
|
||||||
```
|
|
||||||
If you're using FQDN like **reg.yourdomain.com** to connect your registry host, then run this command to generate the certificate of your registry host:
|
If you're using FQDN like **reg.yourdomain.com** to connect your registry host, then run this command to generate the certificate of your registry host:
|
||||||
|
|
||||||
```
|
```
|
||||||
openssl ca -in yourdomain.com.csr -out yourdomain.com.crt -cert ca.crt -keyfile ca.key -outdir .
|
openssl x509 -req -days 365 -in yourdomain.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out yourdomain.com.crt
|
||||||
```
|
```
|
||||||
If you're using **IP**, say **192.168.1.101** to connect your registry host, you may instead run the command below:
|
If you're using **IP**, say **192.168.1.101** to connect your registry host, you may instead run the command below:
|
||||||
|
|
||||||
```
|
```
|
||||||
echo subjectAltName = IP:192.168.1.101 > extfile.cnf
|
echo subjectAltName = IP:192.168.1.101 > extfile.cnf
|
||||||
|
|
||||||
openssl ca -in yourdomain.com.csr -out yourdomain.com.crt -cert ca.crt -keyfile ca.key -extfile extfile.cnf -outdir .
|
openssl x509 -req -days 365 -in yourdomain.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -extfile extfile.cnf -out yourdomain.com
|
||||||
|
.crt
|
||||||
```
|
```
|
||||||
##Configuration and Installation
|
##Configuration and Installation
|
||||||
After obtaining the **yourdomain.com.crt** and **yourdomain.com.key** files,
|
After obtaining the **yourdomain.com.crt** and **yourdomain.com.key** files,
|
||||||
@ -124,3 +116,4 @@ If you've mapped nginx 443 port to another, you need to add the port to login, l
|
|||||||
update-ca-trust
|
update-ca-trust
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user