docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add DNS SubjectAltName to certificate recipe 

If a SubjectAltName is present, the certificates CommonName should be
discarded by the clients. This ensure that people following the guide
generates valid certificates.
This commit is contained in:
Félix Bouliane 2016-11-16 17:59:59 -05:00
parent bd619914c8
commit 71368b49c3
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
engine/security/https.md
View File

@ -78,7 +78,7 @@ Since TLS connections can be made via IP address as well as DNS name, they need
to be specified when creating the certificate. For example, to allow connections to be specified when creating the certificate. For example, to allow connections
using `10.10.10.20` and `127.0.0.1`: using `10.10.10.20` and `127.0.0.1`:
$ echo subjectAltName = IP:10.10.10.20,IP:127.0.0.1 > extfile.cnf $ echo subjectAltName = DNS:$HOST,IP:10.10.10.20,IP:127.0.0.1 > extfile.cnf
$ openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \ $ openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \
-CAcreateserial -out server-cert.pem -extfile extfile.cnf -CAcreateserial -out server-cert.pem -extfile extfile.cnf