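#!/bin/sh
# create-dockerd-cert.sh - create a local signing CA (once) and a TLS server
# certificate for dockerd, then link the CA certificate into ~/.docker.
#
# Usage: create-dockerd-cert.sh server-name ip-address [ip-address ...]
#
# Files written under /var/local/docker:
#   ca.pem                 CA certificate (world-readable)
#   ca-key.pem             CA private key (owner only, stored unencrypted)
#   dockerd-cert/cert.pem  server certificate (SAN: DNS:server-name + IPs)
#   dockerd-cert/key.pem   server private key (owner only)
#
# NOTE(review): ca-key.pem is written without a passphrase. Anyone who can
# read it can issue certificates that clients trusting ca.pem will accept;
# if the daemon also uses this CA to verify clients, confirm that the key
# is kept off shared hosts or moved offline after signing.
set -e

die() {
  echo "$0: $*" >&2
  exit 2
}

if [ "$#" -lt 2 ]; then
  echo "usage: $0 server-name ip-addresses ..." >&2
  exit 2
fi

name=$1
shift

# The name is interpolated into the -subj string and the extension file, so
# restrict it to hostname characters: a '/', ',', '=' or newline would add
# extra subject components or certificate extensions.
case $name in
  '' | *[!A-Za-z0-9.*_-]*) die "invalid server name: $name" ;;
esac

# "$@" (not "$*") keeps each address a separate word; "$*" would glue all
# addresses into a single, invalid SAN entry.
ips=IP:127.0.0.1
for ip in "$@"; do
  case $ip in
    '' | *[!0-9A-Fa-f.:]*) die "invalid IP address: $ip" ;;
  esac
  ips=$ips,IP:$ip
done

dest=/var/local/docker
mkdir -p "$dest"
chmod a+rx "$dest"
cd "$dest"

# Create key material with a restrictive umask so private keys are never
# readable by other users, not even briefly before the chmod calls below.
old_umask=$(umask)
umask 077

if [ ! -f ca.pem ]; then
  echo "---- CREATING SIGNING CERT ----"
  openssl genrsa -out ca-key.pem 2048
  openssl req -new -x509 -days 1095 -key ca-key.pem -sha256 -out ca.pem \
    -subj "/CN=pprentice.com"
fi
chmod a+r ca.pem
chmod go-rwx ca-key.pem

mkdir -p dockerd-cert
chmod og-rx dockerd-cert
cd dockerd-cert

# An existing cert.pem is never regenerated: to change the server name or
# the IP list, remove dockerd-cert/cert.pem first.
if [ ! -f cert.pem ]; then
  echo "--- CREATING DOCKERD CERT ---"
  openssl genrsa -out key.pem 2048
  openssl req -subj "/CN=$name" -sha256 -new -key key.pem -out cert.csr
  printf 'extendedKeyUsage = serverAuth\nsubjectAltName = DNS:%s,%s\n' \
    "$name" "$ips" > extfile.cnf
  openssl x509 -req -days 1095 -sha256 -in cert.csr \
    -CA ../ca.pem -CAkey ../ca-key.pem \
    -CAcreateserial -out cert.pem -extfile extfile.cnf
fi
rm -f extfile.cnf cert.csr
# './*' rather than '*' so a file name starting with '-' is not read as an
# option by chmod.
chmod og-r ./*

umask "$old_umask"

mkdir -p ~/.docker
cd ~/.docker
# Re-running the script must not fail on the already-existing link, and a
# regular ca.pem placed here by someone else must not be silently replaced.
if [ -L ca.pem ] || [ ! -e ca.pem ]; then
  ln -sf "$dest/ca.pem" ca.pem
else
  echo "$0: ~/.docker/ca.pem exists and is not a symlink; leaving it alone" >&2
fi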