SvenDowideit / generate_cert

generate the tls certs needed for Docker TLS socket.
Apache License 2.0

can we create a combined cert too #2

Open SvenDowideit opened 9 years ago

SvenDowideit commented 9 years ago

that can be used from curl..

atm, the TLS Docker cmdline looks like:

[sven@t440s docker]$ curl --cert /home/sven/.boot2docker/certs/boot2docker-vm/cert.pem --key /home/sven/.boot2docker/certs/boot2docker-vm/key.pem --insecure https://192.168.59.104:2376/images/json
[{"Created":1413287139,"Id":"06a9ec1ccf4a000cf5794060edcfb8eadbea54f24737d0a7267b195026f05c20","ParentId":"505488eb61527cd5a4d73931c87bec51b49aa488cae3ca93c0aa10489a800848","RepoTags":["docker:master"],"Size":54760559,"VirtualSize":1183121602}
,{"Created":1412982210,"Id":"1357f421be38556d7bca2d39db520b1255ced38200c7add2b038556b1f564b3c","ParentId":"dfa12c637781009019c7b1b4540c680dfe946fc9a172200041c189b33690ab99","RepoTags":["ubuntu:14.04","ubuntu:14.04.1","ubuntu:latest","ubuntu:trusty"],"Size":0,"VirtualSize":192747261}
,{"Created":1412200953,"Id":"ef872312fe1bbc5e05aae626791a47ee9b032efa8f3bda39cc0be7b56bfe59b9","ParentId":"7fa0dcdc88de9c8a856f648c1f8e0cf8141a505bbddb7ecc0c61f1ed5e086852","RepoTags":["hello-world:latest"],"Size":0,"VirtualSize":910}
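
One way to build the combined file the issue asks for, as an added example (not code from generate_cert or from the posters). curl's `--cert` accepts a single PEM file holding the client certificate followed by its private key; the helper name `combine_pem` and the output name `combined.pem` are assumptions, as is a curl build whose TLS backend reads PEM files.

```shell
# combine_pem CERT KEY OUT  (hypothetical helper, not part of generate_cert)
# Writes CERT followed by KEY to OUT so one file can be passed to curl --cert.
combine_pem() {
    [ "$#" -eq 3 ] || { echo "usage: combine_pem CERT KEY OUT" >&2; return 2; }
    cert=$1; key=$2; out=$3

    # Catch swapped or wrong files before anything is written.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" ||
        { echo "combine_pem: no certificate in $cert" >&2; return 1; }
    grep -Eq -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$key" ||
        { echo "combine_pem: no private key in $key" >&2; return 1; }

    (
        # The bundle holds the private key: create it owner-only, then
        # rename into place so OUT is never readable by other users.
        umask 077
        tmp=$(mktemp "$out.XXXXXX") || exit 1
        # awk 1 re-terminates every line, so a cert file without a final
        # newline cannot fuse its END line with the key's BEGIN line.
        if awk 1 "$cert" "$key" > "$tmp" && mv "$tmp" "$out"; then
            exit 0
        fi
        rm -f "$tmp"
        exit 1
    )
}

# Usage with the file names from the post above (combined.pem is an assumed name):
#   combine_pem cert.pem key.pem combined.pem
#   curl --cert combined.pem <other options unchanged> https://192.168.59.104:2376/images/json
```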

mvinni commented 9 years ago

Could the difference in certificates be the cause of gcloud preview app run . (e.g., https://cloud.google.com/solutions/nodejs/) failing when docker is running in boot2docker?

$ curl --cert .docker-winb2d/cert.pem --key .docker-winb2d/key.pem --cacert .docker-winb2d/ca.pem https://boot2docker:2376/images/json
curl: (60) SSL certificate problem: self signed certificate
...
$ DOCKER_HOST=tcp://boot2docker:2376 DOCKER_CERT_PATH=/home/mikko/.docker-winb2d/ DOCKER_TLS_VERIFY=1 docker info
Containers: 7
...

--> also gcloud preview app run . fails, docker info works


With a local (Linux) docker installation, certificates generated following http://docs.docker.com/articles/https/:

$ curl --cert .docker-local/cert.pem --key .docker-local/key.pem --cacert .docker-local/ca.pem https://docker.local:2376/images/json
[{"Created":1422965271,"Id":... }]

--> gcloud preview app commands work also

$ ls -l .docker-local/ .docker-winb2d/
.docker-local/:
yhteensä 12
-rw-r--r-- 1 mikko mikko 1391 27.1. 17:03 ca.pem
-rw-r--r-- 1 mikko mikko 1151 27.1. 17:03 cert.pem
-rw-r--r-- 1 mikko mikko 1675 27.1. 17:03 key.pem

.docker-winb2d/:
yhteensä 12
-rw-r--r-- 1 mikko mikko 1042 4.2. 09:34 ca.pem
-rw-r--r-- 1 mikko mikko 1070 4.2. 09:34 cert.pem
-rw-r--r-- 1 mikko mikko 1675 4.2. 09:34 key.pem