x509: cannot validate certificate because of not containing any IP SANs

最新推荐文章于 2024-11-05 09:11:50 发布

Weshzhu

最新推荐文章于 2024-11-05 09:11:50 发布

阅读量2.9w

点赞数 7

分类专栏： Docker CentOs registry openssl

本文链接：https://blog.csdn.net/zsd498537806/article/details/79290732

版权

CentOs中docker 安装私有仓库，并通过https方式上传镜像

安装仓库registry, Tag为2

[weshzhu@weshzhu ~]$ docker pull registry:2
2: Pulling from library/registry
Digest: sha256:672d519d7fd7bbc7a448d17956ebeefe225d5eb27509d8dc5ce67ecb4a0bce54
Status: Image is up to date for registry:2

查看仓库，此时先不启动容器。

[weshzhu@weshzhu certs]$ docker images
REPOSITORY            TAG                 IMAGE ID            CREATED             SIZE
registry              2                   d1fd7d86a825        4 weeks ago         33.3MB

通过OpenSSL工具生成自签名的证书，后面将用于对请求进行校验

对于证书以及OpenSSL, 请移目那些证书相关的玩意儿

首先找到OpenSSL工具配置文件openssl.cnf，对于Centos,目录在/etc/pki/tls/中

[weshzhu@weshzhu ~]$ cd /etc/pki/tls/
[weshzhu@weshzhu tls]$ ll
total 12
lrwxrwxrwx. 1 root root    49 Jan 26 19:10 cert.pem -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
drwxr-xr-x. 2 root root   193 Feb  7 21:42 certs
drwxr-xr-x. 2 root root    74 Jan 26 19:10 misc
-rw-r--r--. 1 root root 10955 <