Creating CA Certificates

1. Create your own CA certificate:

# Command:

openssl req \
    -newkey rsa:4096 -nodes -sha256 -keyout ca.key \
    -x509 -days 365 -out ca.crt


# Session output:
Generating a 4096 bit RSA private key
.................................................................................++
..................................++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:boco
Organizational Unit Name (eg, section) []:oss
Common Name (eg, your name or your server's hostname) []:cloud2.xdpp.boco
Email Address []:wanglishuai@boco.com.cn

2. Generate a Certificate Signing Request:

If you access your registry by domain name, you must use reg.yourdomain.com as the CN. If you access it by IP address, this value can be anything.

# Command:
openssl req \
    -newkey rsa:4096 -nodes -sha256 -keyout cloud2.xdpp.boco.key \
    -out cloud2.xdpp.boco.csr
    
# Session output:
Generating a 4096 bit RSA private key
.....................................................................................................................................................++
...................................................++
writing new private key to 'cloud2.xdpp.boco.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:boco
Organizational Unit Name (eg, section) []:oss
Common Name (eg, your name or your server's hostname) []:cloud2.xdpp.boco
Email Address []:wanglishuai@boco.com.cn

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:yiyangboco
An optional company name []:boco

3. Generate the certificate of your registry host

If you access the registry by domain name, run the following command:

# Command:
openssl x509 -req -days 3650 -in cloud2.xdpp.boco.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out cloud2.xdpp.boco.crt

# Result:

Signature ok
subject=/C=cn/ST=beijing/L=beijing/O=boco/OU=oss/CN=cloud2.xdpp.boco/emailAddress=wanglishuai@boco.com.cn
Getting CA Private Key


If you access the registry by IP address:

  echo subjectAltName = IP:192.168.1.101 > extfile.cnf

  openssl x509 -req -days 365 -in yourdomain.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -extfile extfile.cnf -out yourdomain.com.crt

4. Configuration and Installation

  • Once yourdomain.com.crt and yourdomain.com.key have been generated, place them in a path that Harbor can access.
mkdir -p /data/cert
cp /opt/ca/cloud2.xdpp.boco.{crt,key} /data/cert
cd /data/cert
rename cloud2.xdpp.boco server *
  • Generate configuration files for Harbor:
# Change to Harbor's working directory
  ./prepare
  • Restart Harbor
# Change to Harbor's working directory

docker-compose down  
docker-compose up -d

5. Verification
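
An added example (not from the original post) that runs steps 1 to 3 non-interactively and then verifies the result: the server certificate must chain to ca.crt and list the registry name in subjectAltName, because clients built with Go 1.15 or later, Docker included, no longer fall back to CN. The function names, the BITS variable, the CA subject and writing server.* files directly (instead of the rename in step 4) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. The HOST and IP arguments are the
# values this page uses; BITS, the CA subject and function names are assumed.
BITS=${BITS:-4096}

# make_chain DIR HOST IP: write ca.{key,crt} and server.{key,csr,crt} to DIR.
make_chain() {
    dir=$1 host=$2 ip=$3
    ( cd "$dir" || exit 1
      umask 077   # keys are written unencrypted (-nodes): keep them owner-only
      openssl req -newkey "rsa:$BITS" -nodes -sha256 -keyout ca.key \
          -x509 -days 365 -subj "/CN=example-ca" -out ca.crt 2>/dev/null || exit 1
      openssl req -newkey "rsa:$BITS" -nodes -sha256 -keyout server.key \
          -subj "/CN=$host" -out server.csr 2>/dev/null || exit 1
      # x509 -req does not copy extensions from the CSR by default, so the
      # SAN entries for both access styles are supplied at signing time.
      printf 'subjectAltName = DNS:%s, IP:%s\n' "$host" "$ip" > extfile.cnf
      openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.crt \
          -CAkey ca.key -CAcreateserial -extfile extfile.cnf \
          -out server.crt 2>/dev/null
    )
}

# check_cert CA CRT NAME: succeed only if CRT chains to CA and NAME appears
# in subjectAltName. CN is deliberately not consulted.
check_cert() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
    openssl x509 -in "$2" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr -d ' ' | tr ',' '\n' |
        grep -Fxq -e "DNS:$3" -e "IPAddress:$3"
}

# Run the whole flow when invoked as: sh script.sh HOST IP
if [ "$#" -eq 2 ]; then
    d=$(mktemp -d) && make_chain "$d" "$1" "$2" &&
        check_cert "$d/ca.crt" "$d/server.crt" "$1" &&
        check_cert "$d/ca.crt" "$d/server.crt" "$2" && echo "verified: $d"
fi
```

A certificate signed with the domain-name command in step 3, which passes no -extfile, fails check_cert for the same host name.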
