Openssl Docker client certificate issue


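I am writing a client that connects to a remote Docker daemon using the Docker REST client API. I followed the steps mentioned in the documentation on this page:

and generated the required certificates.

Now, when I try to use my client, it fails with the following message:

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present

Then I tried printing what is written in the CN of my certificates, and this is what I see: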

joes@joes:~$ keytool -printcert -v -file server-cert.pem
Owner: CN=123.456.0.10
Issuer: CN=123.456.0.10, O=Internet Widgits Pty Ltd, ST=Some-State, C=IN
Serial number: 2
Valid from: Mon Nov 24 19:13:49 CET 2014 until: Sun Dec 19 19:13:49 CET 2055
Certificate fingerprints:
     MD5:  80:72:7B:43:21:37:BE:48:20:D4:E8:94:6D:2C:73:51
     SHA1: 36:9C:FB:D9:1E:1B:3F:D6:1C:32:6C:ED:F0:C6:88:95:44:1A:A4:20
     SHA256: 49:C9:FD:39:29:D7:CF:78:14:49:86:47:CC:B5:F7:18:D3:B9:96:E5:34:52:6A:01:A6:88:1D:4B:E0:33:1B:D9
     Signature algorithm name: SHA256withRSA
     Version: 1

Now, when I do the same for the cert.pem file, I see the following:

joes@joes:~$ keytool -printcert -v -file cert.pem
Owner: CN=client
Issuer: CN=123.456.0.10, O=Internet Widgits Pty Ltd, ST=Some-State, C=IN
Serial number: 3
Valid from: Mon Nov 24 19:16:06 CET 2014 until: Sun Dec 19 19:16:06 CET 2055
Certificate fingerprints:
     MD5:  A9:7D:56:69:FA:BD:01:40:CB:CB:C6:B6:BE:FD:EB:9F
     SHA1: 24:1D:96:7E:02:26:D0:2B:14:F6:F2:7B:ED:7F:9C:06:1F:1D:91:81
     SHA256: E9:15:C5:53:FC:E9:EB:5F:62:1D:34:CB:85:AB:B1:E8:9D:19:11:F0:34:04:AA:19:48:BA:CD:2A:ED:AA:90:47
     Signature algorithm name: SHA256withRSA
     Version: 3

Extensions: 

#1: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  clientAuth
]
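
I can see that the CNs are different, but what should it be? Should it be the CN of the server running the Docker daemon? If so, why does the Docker documentation contain the following: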

For client authentication, create a client key and certificate signing request:

$ openssl genrsa -des3 -out key.pem 2048
Generating RSA private key, 2048 bit long modulus
...............................................+++
...............................................................+++
e is 65537 (0x10001)
Enter pass phrase for key.pem:
Verifying - Enter pass phrase for key.pem:
$ openssl req -subj '/CN=**client**' -new -key key.pem -out client.csr
Enter pass phrase for key.pem:

Which certificates should I set in the Docker daemon, and which certificates are for the client? The Docker documentation is not that clear.
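
On the SSLHandshakeException above: Java's hostname check matches a host given as an IP address only against iPAddress subjectAltName entries, never against the CN, and the server-cert.pem printed above (Version 1, no extensions) has none. The following is an added example, not part of the original post or the Docker documentation, that signs the same server CSR without and with an `-extfile` SAN and checks each result; 192.0.2.10, the CA name and all file names are placeholders, and the check handles IPv4 addresses only.

```shell
#!/bin/sh
# Added example; 192.0.2.10, "example-ca" and the file names are placeholders.

# issue_server_cert DIR IP [san]
# Builds a throwaway CA in DIR and signs a server certificate with CN=IP.
# With "san" as third argument the signing step adds subjectAltName = IP:<IP>.
issue_server_cert() {
    dir=$1 ip=$2 mode=${3:-plain}
    # Throwaway CA; -nodes leaves the key unencrypted (test material only).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example-ca" \
        -keyout "$dir/ca-key.pem" -out "$dir/ca.pem" 2>/dev/null || return 1
    # Server key and CSR with the address in the CN, as in the question.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$ip" \
        -keyout "$dir/server-key.pem" -out "$dir/server.csr" 2>/dev/null || return 1
    set -- -req -days 1 -in "$dir/server.csr" -CA "$dir/ca.pem" \
        -CAkey "$dir/ca-key.pem" -CAcreateserial -out "$dir/server-cert.pem"
    if [ "$mode" = san ]; then
        # The SAN is added by the CA at signing time; it is not derived from the CN.
        printf 'subjectAltName = IP:%s\n' "$ip" > "$dir/ext.cnf"
        set -- "$@" -extfile "$dir/ext.cnf"
    fi
    openssl x509 "$@" 2>/dev/null
}

# has_ip_san CERT IP: succeeds only if CERT lists IP as an iPAddress SAN (IPv4).
has_ip_san() {
    pat=$(printf '%s' "$2" | sed 's/\./\\./g')
    openssl x509 -in "$1" -noout -text | grep -Eq "IP Address:$pat(,|\$)"
}

# san_report IP: prints "plain=<state> san=<state>" for both signing variants.
san_report() {
    out=
    for variant in plain san; do
        tmp=$(mktemp -d) || return 1
        issue_server_cert "$tmp" "$1" "$variant" || { rm -rf "$tmp"; return 1; }
        if has_ip_san "$tmp/server-cert.pem" "$1"; then state=present; else state=missing; fi
        out="$out$variant=$state "
        rm -rf "$tmp"
    done
    printf '%s\n' "${out% }"
}

san_report 192.0.2.10
```

The client certificate needs no SAN for this check; its CN is only an identity label, which is why the documentation excerpt uses `CN=client`.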