forked from TrueCloudLab/distribution
Self-signed certificate with Kubernetes fix
In Go 1.15 there is common name deprecation for using Common name: https://golang.google.cn/doc/go1.15#commonname This causes the self-signed cert to be rejected by some Kubernetes platforms: https://stackoverflow.com/questions/64814173/how-do-i-use-sans-with-openssl-instead-of-common-name Fix is to add this field to the cert.
This commit is contained in:
parent
96357c9616
commit
e7dc768ae5
1 changed files with 1 additions and 0 deletions
|
@ -68,6 +68,7 @@ This is more secure than the insecure registry solution.
|
||||||
|
|
||||||
$ openssl req \
|
$ openssl req \
|
||||||
-newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
|
-newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
|
||||||
|
-addext "subjectAltName = DNS:myregistry.domain.com" \
|
||||||
-x509 -days 365 -out certs/domain.crt
|
-x509 -days 365 -out certs/domain.crt
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue