Browse code
added -extfile to server certificate documentation for support of subjectAltName=IP:x.x.x.x this allows for connecting to the docker server from docker client using the dns name OR using the IP address (lots of docker stuff prefers IP addresses)
Signed-off-by: Greg Fausak <greg@tacodata.com>
Greg Fausak authored on 2015/02/12 01:01:43Showing 1 changed files
| ... | ... |
@@ -71,8 +71,15 @@ name) matches the hostname you will use to connect to Docker: |
| 71 | 71 |
|
| 72 | 72 |
Next, we're going to sign the public key with our CA: |
| 73 | 73 |
|
| 74 |
+Since tls connections can be made via IP address as well as dns name, |
|
| 75 |
+this extension allows for your client to connect via IP address. You will |
|
| 76 |
+need to replace $YOUR_IP_ADDRESS with your IP address. If there |
|
| 77 |
+is more than one simply continue to add them separated by commas. |
|
| 78 |
+ |
|
| 79 |
+ $ echo subjectAltName = IP:$YOUR_PUBLIC_IP > extfile.cnf |
|
| 80 |
+ |
|
| 74 | 81 |
$ openssl x509 -req -days 365 -in server.csr -CA ca.pem -CAkey ca-key.pem \ |
| 75 |
- -CAcreateserial -out server-cert.pem |
|
| 82 |
+ -CAcreateserial -out server-cert.pem -extfile extfile.cnf |
|
| 76 | 83 |
Signature ok |
| 77 | 84 |
subject=/CN=your.host.com |
| 78 | 85 |
Getting CA Private Key |