Difficulty: beginner
Estimated Time: 10-15 minutes


Secure Docker Daemon using HTTPS

Step 1 of 6

Step 1 - Generate Server SSL Certificate

First, create the private key for the certificate authority (CA).

openssl genrsa -aes256 -out ca-key.pem 2048

Enter a passphrase to protect the private key. This creates a file called ca-key.pem.

Generate the server key.

openssl genrsa -out server-key.pem 4096

This generates server-key.pem.

Generate a certificate signing request (CSR). Set the subject to the hostname.

openssl req -subj "/CN=$HOST" -sha256 -new -key server-key.pem -out server.csr

This creates server.csr.

The server will use ca-key.pem and server-key.pem. These will also be used to create and sign keys allowing clients to access the Docker daemon.
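
A check to run after the three commands in this step, added here as an example and not part of the original scenario. It confirms that ca-key.pem is passphrase-protected, that server.csr verifies, that its CN matches the host, and that it was built from server-key.pem. The function name check_step1 is hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check the three files Step 1 produces.
# check_step1 is a hypothetical helper name, not part of Docker or OpenSSL.
# Usage: check_step1 DIR HOSTNAME   (returns 0 only if every check passes)
check_step1() {
    dir=$1
    host=$2
    rc=0

    # The CA key signs the server and client certificates, so it must be
    # stored encrypted. Both PEM layouts that genrsa -aes256 can emit
    # carry the word ENCRYPTED in their header.
    if ! grep -q 'ENCRYPTED' "$dir/ca-key.pem" 2>/dev/null; then
        echo "FAIL: ca-key.pem is not passphrase-protected" >&2; rc=1
    fi

    # The CSR must be well-formed and signed by the key it carries.
    # Match on the message, since older OpenSSL exits 0 on a bad signature.
    if ! openssl req -in "$dir/server.csr" -noout -verify 2>&1 | grep -q 'verify OK'; then
        echo "FAIL: server.csr signature does not verify" >&2; rc=1
    fi

    # The subject must be exactly the host name clients will connect to;
    # this catches a CSR generated while $HOST was unset or wrong.
    subj=$(openssl req -in "$dir/server.csr" -noout -subject -nameopt RFC2253 2>/dev/null)
    if [ "$subj" != "subject=CN=$host" ]; then
        echo "FAIL: CSR subject is '$subj', expected CN=$host" >&2; rc=1
    fi

    # The public key inside the CSR must belong to server-key.pem.
    csr_pub=$(openssl req -in "$dir/server.csr" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$dir/server-key.pem" -pubout 2>/dev/null)
    if [ -z "$csr_pub" ] || [ "$csr_pub" != "$key_pub" ]; then
        echo "FAIL: server.csr was not made from server-key.pem" >&2; rc=1
    fi

    return $rc
}
```

Run it as `check_step1 . "$HOST"` from the directory holding the generated files; each failed check is reported on stderr.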