I'm working with a Harbor registry that was set up by a third-party contractor just before my arrival. The SSL certificate from GoDaddy expired a while ago, and I got to find out about it when my coworker couldn't pull images.
Anyway, the root of my problem is how to generate a CSR with all of the right stuff to make Harbor and Docker happy. The IT manager and I did our own CSR, but we didn't capture the x509 aspect and a few other things. The cert works fine with the web UI, but when trying to interact with Harbor through the Docker CLI, our current error is
x509: certificate signed by unknown authority
In looking at your docs at step 3 under "Generate a Server Certificate," we were missing the contents of that file. The file I generated based on those instructions is as follows.
It had to have [req] and distinguished_name to not exit without error when generating a CSR, and naturally, the next step was running the following command to generate a CSR.
My basis for the -config v3.ext argument is from the second to last line here, and we also can't ask GoDaddy to use the -extfile v3.ext argument when singing the cert.
Anyway, the newly rekeyed cert from GoDaddy still gives the same x509 error, so I'm just kind of at a loss. Could I get some direction as to how I can properly generate a CSR for this context? Our alternative is paying like $6k for the original contractor to fix this mess that arose from their patchy docs.
I'm working with a Harbor registry that was set up by a third-party contractor just before my arrival. The SSL certificate from GoDaddy expired a while ago, and I got to find out about it when my coworker couldn't pull images.
Anyway, the root of my problem is how to generate a CSR with all of the right stuff to make Harbor and Docker happy. The IT manager and I did our own CSR, but we didn't capture the
x509
aspect and a few other things. The cert works fine with the web UI, but when trying to interact with Harbor through the Docker CLI, our current error isIn looking at your docs at step 3 under "Generate a Server Certificate," we were missing the contents of that file. The file I generated based on those instructions is as follows.
It had to have
[req]
anddistinguished_name
to not exit without error when generating a CSR, and naturally, the next step was running the following command to generate a CSR.My basis for the
-config v3.ext
argument is from the second to last line here, and we also can't ask GoDaddy to use the-extfile v3.ext
argument when singing the cert.Anyway, the newly rekeyed cert from GoDaddy still gives the same
x509
error, so I'm just kind of at a loss. Could I get some direction as to how I can properly generate a CSR for this context? Our alternative is paying like $6k for the original contractor to fix this mess that arose from their patchy docs.