添加Let';s将证书加密到debian:9 docker映像
我想基于添加Let';s将证书加密到debian:9 docker映像,docker,ssl,openssl,ssl-certificate,lets-encrypt,Docker,Ssl,Openssl,Ssl Certificate,Lets Encrypt,我想基于debian:9构建一个映像,并添加来自以下链接的加密证书: 好的,这些应该转换成.crt格式,所以我运行: ▶ openssl x509 -in isrgrootx1.pem -inform PEM -out isrgrootx1.crt ▶ openssl x509 -in trustid-x3-root.pem -inform PEM -out trustid-x3-root.crt 然后我使用以下Dockerfile FROM debian:9 RUN mkdir -p
debian:9
构建一个映像,并添加来自以下链接的加密证书:
好的,这些应该转换成.crt
格式,所以我运行:
▶ openssl x509 -in isrgrootx1.pem -inform PEM -out isrgrootx1.crt
▶ openssl x509 -in trustid-x3-root.pem -inform PEM -out trustid-x3-root.crt
然后我使用以下Dockerfile
FROM debian:9
RUN mkdir -p /usr/share/ca-certificates/extra
RUN apt-get update && apt-get install ca-certificates -y --no-install-recommends
COPY isrgrootx1.crt /usr/share/ca-certificates/extra/isrgrootx1.crt
COPY trustid-x3-root.crt /usr/share/ca-certificates/extra/trustid-x3-root.crt
RUN update-ca-certificates
但是,在构建结束时,我发现没有添加额外的证书:
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
更重要的是,使用命令在运行的容器中列出它们
awk-v cmd='openssl x509-noout-subject''
/开始/{close(cmd)};{print | cmd}'
我没有看到安装了任何让我们加密证书
我是否遗漏了任何步骤?我相信您想要的路径是/usr/local/share/ca证书
。以下显示了正在添加的2个证书:
FROM debian:9
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
ca-certificates \
openssl \
&& mkdir -p /usr/local/share/ca-certificates
ADD https://letsencrypt.org/certs/isrgrootx1.pem.txt /usr/local/share/ca-certificates/isrgrootx1.pem
ADD https://letsencrypt.org/certs/trustid-x3-root.pem.txt /usr/local/share/ca-certificates/trustid-x3-root.pem
RUN cd /usr/local/share/ca-certificates \
&& openssl x509 -in isrgrootx1.pem -inform PEM -out isrgrootx1.crt \
&& openssl x509 -in trustid-x3-root.pem -inform PEM -out trustid-x3-root.crt \
&& update-ca-certificates
请注意,您下载的证书没有在主题中说明允许加密:
root@4544afdd06e3:/# openssl x509 -noout -subject </usr/local/share/ca-certificates/isrgrootx1.pem
subject=C = US, O = Internet Security Research Group, CN = ISRG Root X1
root@4544afdd06e3:/# openssl x509 -noout -subject </usr/local/share/ca-certificates/trustid-x3-root.pem
subject=O = Digital Signature Trust Co., CN = DST Root CA X3
root@4544afdd06e3:/#openssl x509-noout-subject Dockerfile所在文件夹中的文件是什么?它们没有被添加到.dockrignore或其他排除规则中?谢谢;你知道为什么在使用上述Dockerfile
构建的运行容器上执行以下命令时没有显示输出吗<代码>root@43b7414439d4:/#awk-v cmd='openssl x509-noout-subject'/BEGIN/{close(cmd)};{print | cmd}'
没关系,它看起来像互联网安全研究小组
而不是让我们加密
或其他什么
root@4544afdd06e3:/# openssl x509 -noout -subject </usr/local/share/ca-certificates/isrgrootx1.pem
subject=C = US, O = Internet Security Research Group, CN = ISRG Root X1
root@4544afdd06e3:/# openssl x509 -noout -subject </usr/local/share/ca-certificates/trustid-x3-root.pem
subject=O = Digital Signature Trust Co., CN = DST Root CA X3