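docker - Docker cannot validate the certificate for [docker host] because it doesn't contain any IP SANs
Problem description
Here is the situation: I want to enable TLS on my Docker host, so I read the documentation "Protect the Docker daemon socket" and tried to generate the certificates. Everything went fine, and I put the client IP list into extfile.cnf, but I get the following error: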
error during connect: Get https://xx:2376/v1.38/info: x509: cannot validate certificate for xx because it doesn't contain any IP SANs
I think I just ran the correct commands as the documentation says.
docker version
Client:
Version: 18.06.1-ce
API version: 1.38
Go version: go1.10.3
Git commit: e68fc7a
Built: Tue Aug 21 17:23:03 2018
OS/Arch: linux/amd64
Experimental: false
Server:
Engine:
Version: 18.06.1-ce
API version: 1.38 (minimum version 1.12)
Go version: go1.10.3
Git commit: e68fc7a
Built: Tue Aug 21 17:25:29 2018
OS/Arch: linux/amd64
Experimental: false
CA certificate:
[root] openssl x509 -noout -text -in ca.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=XX, L=Default City, O=Default Company Ltd, CN=[HOSTNAME]
Validity
Not Before: Apr 22 07:25:45 2020 GMT
Not After : Apr 22 07:25:45 2021 GMT
Subject: C=XX, L=Default City, O=Default Company Ltd, CN=[HOSTNAME]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
------------------
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
------------------
X509v3 Authority Key Identifier:
keyid:------------------
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
------------------
Server certificate:
[root] openssl x509 -noout -text -in server-cert.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=XX, L=Default City, O=Default Company Ltd, CN=[HOSTNAME]
Validity
Not Before: Apr 22 07:27:01 2020 GMT
Not After : Apr 22 07:27:01 2021 GMT
Subject: CN=[HOSTNAME]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:----------------
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:[HOSTNAME], IP Address:10.10.10.20, IP Address:127.0.0.1, IP Address:----------------
X509v3 Extended Key Usage:
TLS Web Server Authentication
Signature Algorithm: sha256WithRSAEncryption ----------------
Solution