From e7dc768ae54ded551b7ae2eda38d2e551a4d5dfc Mon Sep 17 00:00:00 2001 From: Novak Ivanovski Date: Fri, 5 Feb 2021 23:58:09 -0500 Subject: [PATCH] Self-signed certificate with Kubernetes fix In Go 1.15 there is common name deprecation for using Common name: https://golang.google.cn/doc/go1.15#commonname This causes the self-signed cert to be rejected by some Kubernetes platforms: https://stackoverflow.com/questions/64814173/how-do-i-use-sans-with-openssl-instead-of-common-name Fix is to add this field to the cert. --- docs/insecure.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/insecure.md b/docs/insecure.md index 73dafbe7..3446a85f 100644 --- a/docs/insecure.md +++ b/docs/insecure.md @@ -68,6 +68,7 @@ This is more secure than the insecure registry solution. $ openssl req \ -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \ + -addext "subjectAltName = DNS:myregistry.domain.com" \ -x509 -days 365 -out certs/domain.crt ```