...
```
[ req ]
prompt = no
distinguished_name = server_distinguished_name
req_extensions = v3_req
default_md = sha256

[ server_distinguished_name ]
commonName = *.swarm.example.com
stateOrProvinceName = Texas
countryName = US
emailAddress = admin@example.com
organizationName = Example Inc.
localityName = Austin

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = critical,serverAuth,clientAuth
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = swarm.example.com
DNS.2 = *.swarm.example.com
```
Generate the self-signed CA private key
```sh
openssl genrsa -out selfsignCA.key 4096
```
Generate the self-signed CA root certificate
```sh
openssl req -new -x509 -days 365 -key selfsignCA.key -out selfsignCA.crt -batch
```
Now create the wildcard custom domain certificate (YOUR_DOMAIN.crt) and sign it with your self-signed CA root. Start by generating the domain private key.
```sh
openssl genrsa -out YOUR_DOMAIN.key 4096
```
Generate certificate signing request for your domain
```sh
openssl req -new -nodes -key YOUR_DOMAIN.key -config openssl.conf -out YOUR_DOMAIN.csr
```
Generate the final domain certificate
```sh
openssl x509 -req -in YOUR_DOMAIN.csr -CA selfsignCA.crt -CAkey selfsignCA.key -CAcreateserial -out YOUR_DOMAIN.crt -days 365 -sha256 -extfile openssl.conf -extensions v3_req
```
Generate the certificate pem file.
```sh
cat YOUR_DOMAIN.crt YOUR_DOMAIN.key > YOUR_DOMAIN.pem
```
...
Place the pem file in the location configured in haproxy.cfg; in this example, that is /etc/pki/tls/certs.
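Before HAProxy is reloaded with the new pem file, the outputs of the steps above can be checked for the failures that matter most: a leaf that does not chain to the CA, a key that does not match, and a certificate signed without `-extfile`/`-extensions` that silently lacks its subjectAltName entries. This is an added example, not part of the original page; `verify_bundle` and `make_demo` are hypothetical helper names, and the fixture is constructed with a trimmed-down config, 2048-bit keys, `-subj` and a `v3_ca` section that the page does not use.

```shell
#!/bin/sh
# Added example, not from the original page. Pre-deployment checks:
# verify_bundle CA_CRT CRT KEY PEM NAME...   (prints OK and returns 0 if all pass)
verify_bundle() {
    ca=$1; crt=$2; key=$3; pem=$4; shift 4
    # 1. The leaf must chain to the self-signed CA root.
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 || { echo "FAIL: chain"; return 1; }
    # 2. The private key must match the certificate's public key.
    [ "$(openssl x509 -in "$crt" -noout -pubkey)" = "$(openssl pkey -in "$key" -pubout)" ] ||
        { echo "FAIL: key mismatch"; return 1; }
    # 3. The v3_req extensions must be present in the signed certificate.
    text=$(openssl x509 -in "$crt" -noout -text)
    for name in "$@"; do
        printf '%s\n' "$text" | grep -Fq "DNS:$name" || { echo "FAIL: SAN lacks $name"; return 1; }
    done
    printf '%s\n' "$text" | grep -q 'CA:FALSE' || { echo "FAIL: basicConstraints"; return 1; }
    # 4. The HAProxy bundle must hold both the certificate and the private key.
    { grep -q 'BEGIN CERTIFICATE' "$pem" && grep -q 'PRIVATE KEY-----' "$pem"; } ||
        { echo "FAIL: pem incomplete"; return 1; }
    echo "OK"
}

# Constructed fixture: throwaway CA and leaf in directory $1, 2048-bit keys for speed.
# $2=yes signs with -extfile/-extensions as on the page; $2=no omits them.
make_demo() {
    d=$1; ext=$2
    cat > "$d/openssl.conf" <<'EOF'
[ req ]
prompt = no
distinguished_name = dn
req_extensions = v3_req
[ dn ]
commonName = *.swarm.example.com
[ v3_ca ]
basicConstraints = critical, CA:TRUE
[ v3_req ]
basicConstraints = CA:FALSE
subjectAltName = DNS:swarm.example.com, DNS:*.swarm.example.com
EOF
    ( cd "$d" || exit 1
      openssl genrsa -out selfsignCA.key 2048
      openssl req -new -x509 -days 365 -key selfsignCA.key -out selfsignCA.crt \
          -config openssl.conf -extensions v3_ca -subj "/CN=Demo self-signed CA"
      openssl genrsa -out YOUR_DOMAIN.key 2048
      openssl req -new -nodes -key YOUR_DOMAIN.key -config openssl.conf -out YOUR_DOMAIN.csr
      if [ "$ext" = yes ]; then set -- -extfile openssl.conf -extensions v3_req; else set --; fi
      openssl x509 -req -in YOUR_DOMAIN.csr -CA selfsignCA.crt -CAkey selfsignCA.key \
          -CAcreateserial -out YOUR_DOMAIN.crt -days 365 -sha256 "$@"
      cat YOUR_DOMAIN.crt YOUR_DOMAIN.key > YOUR_DOMAIN.pem ) >/dev/null 2>&1
}
```

Against the real files, run `verify_bundle selfsignCA.crt YOUR_DOMAIN.crt YOUR_DOMAIN.key YOUR_DOMAIN.pem swarm.example.com '*.swarm.example.com'` in the directory where they were generated.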
...
With the configuration example above, the host <contentgatewayIP>:8091 must be used on the login page to connect to the Swarm UI.
Info |
---|
Copy your selfsignCA.crt file to |
...