generate a self signed certificate in docker

I need to generate a self-signed certificate when the Docker container starts. Basically, our Docker container is started using Concourse CI, so it has to be in the Dockerfile and cannot use any options with docker run.

Let me know if you have any inputs on this.

Vidya asked May 18 '17 12:05

1 Answer

What is wrong with a simple RUN command? It works for me, and the self-signed certificate is created successfully.

FROM debian:wheezy

# Install openssl, then build a key, a CSR and a self-signed certificate
# in a single layer at image-build time.
RUN apt-get update && \
    apt-get install -y openssl && \
    # generate an encrypted key with a throwaway passphrase ...
    openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \
    # ... and strip the passphrase so the server can load the key unattended
    openssl rsa -passin pass:x -in server.pass.key -out server.key && \
    rm server.pass.key && \
    openssl req -new -key server.key -out server.csr \
        -subj "/C=UK/ST=Warwickshire/L=Leamington/O=OrgName/OU=IT Department/CN=example.com" && \
    # sign the CSR with its own key: a self-signed certificate valid for one year
    openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Once in the Dockerfile, the certificate is created only once, during the image build; after that the certificate is available in the image.

If you need a new self-signed certificate each time a container starts, it's possible with an external shell script, like so:

#!/bin/bash
# Abort on the first failing command so a half-written key/cert pair is not left behind.
set -e

openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
openssl rsa -passin pass:x -in server.pass.key -out server.key
rm server.pass.key
openssl req -new -key server.key -out server.csr \
    -subj "/C=UK/ST=Warwickshire/L=Leamington/O=OrgName/OU=IT Department/CN=example.com"
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

And then put that shell script into your Dockerfile and set up the default execution:

FROM debian:wheezy

RUN apt-get update && \
    apt-get install -y openssl

COPY generate-certificate.sh /tmp/generate-certificate.sh
# COPY keeps the host file's mode; make sure the script is executable
RUN chmod +x /tmp/generate-certificate.sh

CMD [ "/tmp/generate-certificate.sh" ]

In this case, each time you start a container with docker run ..., a new unique certificate is generated.
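Added example, not from the original answer: an entrypoint script that generates the key/certificate pair only when none is present, keeps the private key readable by its owner only, includes a subjectAltName (which is what current TLS clients match the hostname against), and then execs the container's CMD so the service actually starts once the certificate exists (a CMD that only runs openssl, as above, exits as soon as it finishes). It assumes OpenSSL 1.1.1 or later in the image and uses hypothetical CERT_DIR, CERT_CN and CERT_DAYS environment variables.

```shell
#!/bin/sh
# Added example, not from the original answer. Entrypoint that creates a
# self-signed certificate on first start and then hands off to the real CMD.
# Assumed: openssl 1.1.1+ in the image; CERT_DIR, CERT_CN and CERT_DAYS are
# hypothetical environment variables with the defaults below.
set -eu

CERT_DIR="${CERT_DIR:-/etc/ssl/app}"
CERT_CN="${CERT_CN:-example.com}"
CERT_DAYS="${CERT_DAYS:-365}"

# generate_cert DIR CN DAYS: one openssl call, no throwaway passphrase step.
# umask 077 keeps the private key 0600; a SAN is added because current TLS
# clients match the hostname against subjectAltName, not CN.
generate_cert() {
    mkdir -p "$1"
    (umask 077 && openssl req -x509 -newkey rsa:2048 -nodes -sha256 \
        -days "$3" -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
        -keyout "$1/server.key" -out "$1/server.crt" >/dev/null 2>&1)
    chmod 644 "$1/server.crt"
}

# cert_ok DIR CN: true when key and cert share a public key and the SAN
# names CN; used to decide whether an existing pair can be kept.
cert_ok() {
    k=$(openssl pkey -in "$1/server.key" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$1/server.crt" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ] || return 1
    openssl x509 -in "$1/server.crt" -noout -text | grep -q "DNS:$2"
}

# ensure_cert DIR CN DAYS: generate only when missing or unusable, so a pair
# kept on a mounted volume survives restarts instead of changing every run.
ensure_cert() {
    if ! cert_ok "$1" "$2"; then
        rm -f "$1/server.key" "$1/server.crt"
        generate_cert "$1" "$2" "$3"
    fi
}

# As ENTRYPOINT: prepare the certificate, then exec the service given as CMD
# so the container keeps running (a CMD that only runs openssl exits at once).
if [ $# -gt 0 ]; then
    ensure_cert "$CERT_DIR" "$CERT_CN" "$CERT_DAYS"
    exec "$@"
fi
```

Wire it in with `ENTRYPOINT [ "/usr/local/bin/entrypoint.sh" ]` and keep the service itself as CMD; the chmod +x from the Dockerfile above still applies.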

Alex Karshin answered Sep 21 '22 14:09