Create self signed certificate in docker
What's wrong with a simple RUN command? It works for me, and the self-signed certificate is generated successfully.
    FROM debian:wheezy
    # At build time: create a key, strip its passphrase, create a CSR, then self-sign it.
    RUN apt-get update && \
        apt-get install -y openssl && \
        openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \
        openssl rsa -passin pass:x -in server.pass.key -out server.key && \
        rm server.pass.key && \
        openssl req -new -key server.key -out server.csr \
            -subj "/C=UK/ST=Warwickshire/L=Leamington/O=OrgName/OU=IT Department/CN=example.com" && \
        openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
With that Dockerfile, the certificate is generated only once, during the image build; you then have a certificate available in the image.
If you need a new self-signed certificate every time you start the container, this is possible using an external wrapper script. For example:
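    #!/bin/bash
    # Create a passphrase-protected key, then write an unprotected copy of it.
    openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
    openssl rsa -passin pass:x -in server.pass.key -out server.key
    rm server.pass.key
    # Create the signing request for the fixed subject.
    openssl req -new -key server.key -out server.csr \
        -subj "/C=UK/ST=Warwickshire/L=Leamington/O=OrgName/OU=IT Department/CN=example.com"
    # Self-sign the request with the same key; valid for 365 days.
    openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt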
Then add this shell script to your Dockerfile and set it as the default command:
    FROM debian:wheezy
    RUN apt-get update && \
        apt-get install -y openssl
    ADD generate-certificate.sh /tmp/generate-certificate.sh
    CMD [ "/tmp/generate-certificate.sh" ]
In this case, every time you start the container with docker run ...., a new unique certificate is generated.
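An entrypoint variant of the wrapper-script approach above, as an added example that is not part of the original answer: it creates the key and certificate in a single openssl req -x509 call, keeps the private key readable by its owner only, and then starts the container's real command. The generate_cert function and the CERT_DIR, CERT_CN and CERT_DAYS variables are assumed names; reusing an existing key pair in CERT_DIR (for example on a mounted volume) goes beyond the answer's always-regenerate script.

```shell
#!/bin/sh
# Added example: container entrypoint that creates a self-signed certificate
# at start-up, so no private key is stored in an image layer.
# CERT_DIR, CERT_CN and CERT_DAYS are hypothetical variable names.
set -eu

generate_cert() {
    dir=$1 cn=$2 days=${3:-365}
    # Reuse an existing pair so a restarted container (or a mounted volume)
    # keeps the certificate its clients have already seen.
    if [ -s "$dir/server.key" ] && [ -s "$dir/server.crt" ]; then
        return 0
    fi
    mkdir -p "$dir"
    # umask 077 makes the key owner-only from the moment it is created.
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes \
          -keyout "$dir/server.key" -out "$dir/server.crt" \
          -days "$days" -subj "/CN=$cn" )
    chmod 600 "$dir/server.key"
    chmod 644 "$dir/server.crt"
}

# Used as ENTRYPOINT: generate the pair if needed, then exec the CMD so the
# service replaces this script as PID 1 and receives signals directly.
if [ "$#" -gt 0 ]; then
    generate_cert "${CERT_DIR:-/certs}" "${CERT_CN:-example.com}" "${CERT_DAYS:-365}"
    exec "$@"
fi
```

A fresh docker run starts from an empty CERT_DIR and therefore gets a new certificate, as in the answer; only a restart of the same container or a shared volume reuses the pair.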