Create self signed certificate in docker
I need to create a self-signed certificate when I start Docker. Basically, our Docker is started using the CI hall, so it must be in the Dockerfile and cannot use any options with docker run.
Let me know any inputs for this.
What's wrong with a simple RUN command? It works for me and the self-signed certificate is generated successfully.
FROM debian:wheezy
RUN apt-get update && \
    apt-get install -y openssl && \
    openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \
    openssl rsa -passin pass:x -in server.pass.key -out server.key && \
    rm server.pass.key && \
    openssl req -new -key server.key -out server.csr \
        -subj "/C=UK/ST=Warwickshire/L=Leamington/O=OrgName/OU=IT Department/CN=example.com" && \
    openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
With that Dockerfile, the certificate is generated only once during the image build; then you have a certificate available in the image.
If you need a new self-signed certificate every time you start the container, this is possible using an external wrapper script. For example:
#!/bin/bash
openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
openssl rsa -passin pass:x -in server.pass.key -out server.key
rm server.pass.key
openssl req -new -key server.key -out server.csr \
    -subj "/C=UK/ST=Warwickshire/L=Leamington/O=OrgName/OU=IT Department/CN=example.com"
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
And then put this shell script in your Dockerfile and set up default execution:
FROM debian:wheezy
RUN apt-get update && \
    apt-get install -y openssl
ADD generate-certificate.sh /tmp/generate-certificate.sh
CMD [ "/tmp/generate-certificate.sh" ]
In this case, every time you start the container with docker run ...., a new unique certificate is generated.
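
An entrypoint variant of the wrapper script above, as an added example that is not part of the original answer: generating at start keeps the private key out of the image layers, the key and certificate are created in one `openssl req -x509` step without the throwaway passphrase, and the key is left readable by its owner only. It goes beyond the answer by adding a subjectAltName, which current TLS clients check instead of the CN; the function name `generate_cert`, the `CERT_DIR` and `CERT_CN` variables and the `/certs` default are assumptions of this example.

```shell
#!/bin/bash
# Added example, not from the original answer: entrypoint that creates a
# fresh self-signed certificate at container start, then runs the image CMD.
set -eu

# generate_cert DIR CN [DAYS]; the name and arguments are this example's own.
# The body is a subshell so the umask change does not leak into the CMD.
generate_cert() (
    dir=$1; cn=$2; days=${3:-365}
    umask 077                      # key and temp config: owner access only
    mkdir -p "$dir"
    cfg=$(mktemp)
    # A config file (rather than -addext) also works on old OpenSSL builds.
    printf '%s\n' \
        '[req]' 'prompt = no' 'distinguished_name = dn' \
        'x509_extensions = v3' \
        '[dn]' "CN = $cn" \
        '[v3]' "subjectAltName = DNS:$cn" > "$cfg"
    # One step: unencrypted 2048-bit RSA key plus the self-signed certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$days" \
        -config "$cfg" -keyout "$dir/server.key" -out "$dir/server.crt"
    rm -f "$cfg"
    chmod 600 "$dir/server.key"
    chmod 644 "$dir/server.crt"    # the certificate itself is public
)

# Act as an entrypoint only when a command (the image's CMD) was passed.
if [ "$#" -gt 0 ]; then
    generate_cert "${CERT_DIR:-/certs}" "${CERT_CN:-example.com}"
    exec "$@"
fi
```

To use it, add the script to the image as an `ENTRYPOINT` (its path in the image is your choice) so the existing `CMD` is passed to it as arguments and runs once the certificate exists.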