Generate a RSA private key:
openssl genrsa -des3 -out server.key 4096
Openssl should ask for a pass phrase at this step. Notice that we’ll use only certificate for communication and authentication, without pass phrase. Just use 123456 for example.
Generate the Certificate Signing Request:
openssl req -new -key server.key -out server.csr
This step is important because you’ll be asked for some information about certificates. The most important information is “Common Name” that is the domain name, which be used for communication between private docker registry and all other machine. Example : mydomain.com
Remove pass phrase from RSA private key:
cp server.key server.key.org && openssl rsa -in server.key.org -out server.key
Like I said we’ll focus on certificate without pass phrase. So be careful with all your key's files (.key,.csr,.crt) and keep them on a secure place.
Generate the self-signed certificate:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
You have now two essential files, server.key and server.crt, that are necessary for the private registry authentication.