openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650
-subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor.moyu.com"
-key ca.key
-out ca.crt
openssl genrsa -out harbor.moyu.com.key 4096
openssl req -sha512 -new
-subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor.moyu.com"
-key harbor.moyu.com.key
-out harbor.moyu.com.csr
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=harbor.moyu.com
DNS.2=harbor.moyu
DNS.3=harbor
EOF
openssl x509 -req -sha512 -days 3650
-extfile v3.ext
-CA ca.crt -CAkey ca.key -CAcreateserial
-in harbor.moyu.com.csr
-out harbor.moyu.com.crt
mkdir -p /data/cert/
cp harbor.moyu.com.crt /data/cert/
cp harbor.moyu.com.key /data/cert/
cd /data/cert/
openssl x509 -inform PEM -in harbor.moyu.com.crt -out harbor.moyu.com.cert
mkdir -p /etc/docker/certs.d/harbor.moyu.com/
cp harbor.moyu.com.cert /etc/docker/certs.d/harbor.moyu.com/
cp harbor.moyu.com.key /etc/docker/certs.d/harbor.moyu.com/
cp ~/ca.crt /etc/docker/certs.d/harbor.moyu.com/
网友评论