1、创建证书路径
mkdir -p /etc/harbor/certificate
2、生成证书
cd /etc/harbor/certificate
openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=MyPersonal Root CA" \
-key ca.key \
-out ca.crt
3、生成private key
cd /etc/harbor/certificate
openssl genrsa -out harbor.liebe.com.cn.key 4096
openssl req -sha512 -new \
-subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor.liebe.com.cn" \
-key harbor.liebe.com.cn.key \
-out harbor.liebe.com.cn.csrcat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names[alt_names]
DNS.1=harbor.liebe.com.cn
DNS.2=liebe.com.cn
DNS.3=liebe
EOF
openssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in harbor.liebe.com.cn.csr \
-out harbor.liebe.com.cn.crt
4、cert转换
mkdir -p /etc/harbor/certificate/cert
cp harbor.liebe.com.cn.crt harbor.liebe.com.cn.key cert
cd /etc/harbor/certificate/cert
openssl x509 -inform PEM -in harbor.liebe.com.cn.crt -out harbor.liebe.com.cn.cert
5、如果时docker
mkdir -p /etc/docker/certs.d/harbor.liebe.com.cn/
mkdir -p /etc/docker/certs.d/harbor.liebe.com.cn/
cp /etc/harbor/certificate/cert/harbor.liebe.com.cn.cert /etc/docker/certs.d/harbor.liebe.com.cn/
cp /etc/harbor/certificate/cert/harbor.liebe.com.cn.key /etc/docker/certs.d/harbor.liebe.com.cn/
cp /etc/harbor/certificate/ca.crt /etc/docker/certs.d/harbor.liebe.com.cn/systemctl restart docker
6、如果时containered
7、在线安装harbor
tar -zxvf harbor-online-installer-v2.11.1.tgz
cd harbor
./prepare