docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add DNS SubjectAltName to certificate recipe 

If a SubjectAltName is present, the certificates CommonName should be
discarded by the clients. This ensure that people following the guide
generates valid certificates.
This commit is contained in:
Félix Bouliane 2016-11-16 17:59:59 -05:00
parent bd619914c8
commit 71368b49c3
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
engine/security/https.md
View File

@ -78,7 +78,7 @@ Since TLS connections can be made via IP address as well as DNS name, they need
to be specified when creating the certificate. For example, to allow connections
using `10.10.10.20` and `127.0.0.1`:
$ echo subjectAltName = IP:10.10.10.20,IP:127.0.0.1 > extfile.cnf
$ echo subjectAltName = DNS:$HOST,IP:10.10.10.20,IP:127.0.0.1 > extfile.cnf
$ openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \
-CAcreateserial -out server-cert.pem -extfile extfile.cnf