Docker Generating certificates


Example

Generate a RSA private key: openssl genrsa -des3 -out server.key 4096

Openssl should ask for a pass phrase at this step. Notice that we’ll use only certificate for communication and authentication, without pass phrase. Just use 123456 for example.

Generate the Certificate Signing Request: openssl req -new -key server.key -out server.csr

This step is important because you’ll be asked for some information about certificates. The most important information is “Common Name” that is the domain name, which be used for communication between private docker registry and all other machine. Example : mydomain.com

Remove pass phrase from RSA private key: cp server.key server.key.org && openssl rsa -in server.key.org -out server.key

Like I said we’ll focus on certificate without pass phrase. So be careful with all your key's files (.key,.csr,.crt) and keep them on a secure place.

Generate the self-signed certificate: openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

You have now two essential files, server.key and server.crt, that are necessary for the private registry authentication.