
Kananek T.


Docker Server Certificate with SSL

Step 1: Create the Certificate Authority (CA)

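# Step 1: private CA that signs both the Docker daemon's certificate and the
# client certificates. HOST is the address clients use to reach the daemon;
# the later steps reuse it, so keep it set in the same shell session.
HOST=10.203.1.61

# 4096-bit RSA CA key, encrypted at rest with AES-256 (openssl prompts for the
# passphrase).
openssl genrsa -aes256 -out ca-key.pem 4096

# Self-signed CA certificate, valid for 365 days. Certificates issued under it
# stop validating once the CA certificate itself expires.
openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem \
  -subj "/C=TH/ST=Bangkok/L=Sathon/O=dvgamerr/OU=DevOps/CN=$HOST/emailAddress=kananek@dvgamerr.app"

# Anyone who can read ca-key.pem and knows its passphrase can issue
# certificates that the daemon will trust, so make the key owner-read-only.
# The CA certificate is public and only needs protection against modification.
chmod 0400 ca-key.pem
chmod 0444 ca.pem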

Step 2: Generate the Server Certificate

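# Step 2a: OpenSSL request/extension config for the daemon's certificate.
# The heredoc delimiter is deliberately unquoted so $HOST is expanded while the
# file is written; HOST must still be set as in Step 1, otherwise CN and the
# SAN entry come out empty and clients will reject the certificate.
#
# keyUsage includes digitalSignature: ECDHE key exchange and TLS 1.3 have the
# server sign the handshake, so a certificate limited to keyEncipherment can be
# refused by strict clients. dataEncipherment is not used by TLS and is dropped.
cat > san.cnf <<EOF
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no

[req_distinguished_name]
CN = $HOST # Server IP or hostname

[v3_req]
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
IP.1 = $HOST # Docker host IP address
EOF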
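# Step 2b: daemon private key, CSR, and CA-signed server certificate.

# The server key is written without a passphrase (no -aes256), so file
# permissions are its only protection; they are tightened below.
openssl genrsa -out server-key.pem 4096

# A single CSR built from san.cnf is enough. The page originally created
# server.csr twice and the second run overwrote the first.
openssl req -new -sha256 -key server-key.pem -out server.csr -config san.cnf

# "x509 -req" does not carry extensions over from the CSR by default, so the
# v3_req section (SAN, key usage, serverAuth) is passed again with -extfile.
# Signing prompts for the CA key passphrase.
openssl x509 -req -sha256 -days 365 -in server.csr \
  -CA ca.pem -CAkey ca-key.pem -CAcreateserial \
  -out server-cert.pem -extfile san.cnf -extensions v3_req

# Private key: owner-read-only. Certificate: world-readable, not writable.
chmod 0400 server-key.pem
chmod 0444 server-cert.pem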

Step 3: Generate the Client Certificate

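# Step 3: client key and certificate, signed by the same CA.
# NOTE(review): the commands below read the CA files from /root/.docker, so
# ca.pem and ca-key.pem from Step 1 are assumed to have been moved there;
# the page does not show that move.
openssl genrsa -out key.pem 4096
openssl req -subj '/CN=aorus' -new -key key.pem -out client.csr

# extfile.cnf is passed to -extfile below but is never created on this page.
# It is written here with the client-authentication EKU, matching Docker's
# TLS guide, so the certificate is valid only for client authentication.
printf 'extendedKeyUsage = clientAuth\n' > extfile.cnf

# Signing needs root because the CA key lives under /root/.docker.
sudo openssl x509 -req -sha256 -in client.csr \
  -CA /root/.docker/ca.pem -CAkey /root/.docker/ca-key.pem -CAcreateserial \
  -out cert.pem -days 365 -extfile extfile.cnf

# cert.pem was created by root; hand it back to the user who owns key.pem.
sudo chown dvgamerr:dvgamerr cert.pem

# key.pem together with cert.pem grants full access to the Docker API, so keep
# the key owner-read-only.
chmod 0400 key.pem
chmod 0444 cert.pem

# /root is normally not readable by other users, so the copy needs sudo too.
sudo cp -v /root/.docker/ca.pem /home/dvgamerr/.docker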

Copy the client certificate files to Windows

# Fetch the client credentials from the Docker host into the current directory.
# The docker context created in the next step reads them from
# C:/Users/dvgamerr/.docker, so run this from that directory.
# key.pem is the client's private key: it travels over SSH here and should not
# be left in shared or synced folders afterwards.
scp \
  aide-pi-61:/home/dvgamerr/.docker/key.pem \
  aide-pi-61:/home/dvgamerr/.docker/ca.pem \
  aide-pi-61:/home/dvgamerr/.docker/cert.pem \
  .
# Register a Docker CLI context that talks to the remote daemon over TLS and
# make it the active one.
# The client certificate is only enforced if the daemon on $HOST listens on
# 2376 with --tlsverify, --tlscacert, --tlscert and --tlskey; this page does
# not show that daemon-side configuration.
HOST=10.203.1.61
cert_dir=C:/Users/dvgamerr/.docker

docker context create aide-pi-61 \
  --description "Docker context for aide-pi-61" \
  --docker "host=tcp://$HOST:2376,ca=$cert_dir/ca.pem,cert=$cert_dir/cert.pem,key=$cert_dir/key.pem"

docker context use aide-pi-61
