
Creating a CA Certificate

Author: 糖can果 | Published: 2018-10-10 16:09

1. Create your own CA certificate:

# Command:

openssl req \
    -newkey rsa:4096 -nodes -sha256 -keyout ca.key \
    -x509 -days 365 -out ca.crt


# Output:
Generating a 4096 bit RSA private key
.................................................................................++
..................................++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:boco
Organizational Unit Name (eg, section) []:oss
Common Name (eg, your name or your server's hostname) []:cloud2.xdpp.boco
Email Address []:wanglishuai@boco.com.cn

2. Generate a Certificate Signing Request:

If you access your registry by domain name, you must use reg.yourdomain.com as the CN. If you access it by IP address, this value can be anything.

# Command:
openssl req \
    -newkey rsa:4096 -nodes -sha256 -keyout cloud2.xdpp.boco.key \
    -out cloud2.xdpp.boco.csr
    
# Output:
Generating a 4096 bit RSA private key
.....................................................................................................................................................++
...................................................++
writing new private key to 'cloud2.xdpp.boco.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:boco
Organizational Unit Name (eg, section) []:oss
Common Name (eg, your name or your server's hostname) []:cloud2.xdpp.boco
Email Address []:wanglishuai@boco.com.cn

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:yiyangboco
An optional company name []:boco

3. Generate the certificate of your registry host

If you access the registry by domain name, run the following command:

# Command:
openssl x509 -req -days 3650 -in cloud2.xdpp.boco.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out cloud2.xdpp.boco.crt

# Result:

Signature ok
subject=/C=cn/ST=beijing/L=beijing/O=boco/OU=oss/CN=cloud2.xdpp.boco/emailAddress=wanglishuai@boco.com.cn
Getting CA Private Key


If you access the registry by IP address:

  echo subjectAltName = IP:192.168.1.101 > extfile.cnf

  openssl x509 -req -days 365 -in yourdomain.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -extfile extfile.cnf -out yourdomain.com.crt

4. Configuration and Installation

  • Once yourdomain.com.crt and yourdomain.com.key have been generated, place them in a path that Harbor can access.
mkdir -p /data/cert
cp /opt/ca/cloud2.xdpp.boco.{crt,key} /data/cert
cd /data/cert
rename cloud2.xdpp.boco server *
  • Generate configuration files for Harbor:
# Change to the Harbor working directory
  ./prepare
  • Restart Harbor
# Change to the Harbor working directory

docker-compose down  
docker-compose up -d

5. Verification
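
One way to script steps 1-3 and then verify the result, as an added example that is not part of the original post. It goes slightly beyond the page by writing a subjectAltName for the domain case as well as the IP case, because TLS clients built with Go 1.15 or later (which includes current Docker releases) match the host name against the SAN and ignore the CN. The function names, the `/O=example` subject and the file layout are assumptions.

```sh
# Added example: steps 1-3 run non-interactively with a subjectAltName, then
# the step 5 checks. Subject values and file layout here are constructed.
# Usage: make_ca DIR; issue_cert DIR NAME SAN; check_cert DIR NAME SAN

# make_ca DIR [BITS]: self-signed CA, same "openssl req" options as step 1.
make_ca() {
  openssl req -newkey "rsa:${2:-4096}" -nodes -sha256 -keyout "$1/ca.key" \
    -x509 -days 365 -subj "/O=example/CN=example-ca" \
    -out "$1/ca.crt" 2>/dev/null || return 1
  chmod 600 "$1/ca.key"   # the CA key can sign any name; keep it private
}

# issue_cert DIR NAME SAN [BITS]: CSR plus CA signature, as in steps 2-3.
# SAN is "DNS:<host>" or "IP:<address>" and is written to the extfile.
issue_cert() {
  openssl req -newkey "rsa:${4:-4096}" -nodes -sha256 -keyout "$1/$2.key" \
    -subj "/O=example/CN=$2" -out "$1/$2.csr" 2>/dev/null || return 1
  echo "subjectAltName = $3" > "$1/$2.ext"
  openssl x509 -req -days 365 -in "$1/$2.csr" -CA "$1/ca.crt" \
    -CAkey "$1/ca.key" -CAcreateserial -extfile "$1/$2.ext" \
    -out "$1/$2.crt" 2>/dev/null || return 1
  chmod 600 "$1/$2.key"
}

# check_cert DIR NAME SAN: succeeds only if NAME.crt chains to ca.crt,
# lists SAN exactly, and has the same public key as NAME.key.
check_cert() {
  openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1 || return 1
  # "openssl x509 -text" prints IP entries as "IP Address:<address>".
  want=$(printf '%s' "$3" | sed 's/^IP:/IPAddress:/')
  openssl x509 -in "$1/$2.crt" -noout -text \
    | grep -A1 'Subject Alternative Name' | tail -n 1 \
    | tr -d ' ' | tr ',' '\n' | grep -Fxq "$want" || return 1
  [ "$(openssl x509 -in "$1/$2.crt" -noout -pubkey)" = \
    "$(openssl pkey -in "$1/$2.key" -pubout)" ]
}
```

For the host used on this page the calls would be `issue_cert DIR cloud2.xdpp.boco DNS:cloud2.xdpp.boco` followed by `check_cert` with the same arguments.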
