1
0
mirror of https://github.com/distribution/distribution synced 2024-11-12 05:45:51 +01:00

Self-signed certificate with Kubernetes fix

In Go 1.15 there is common name deprecation for using Common name:
https://golang.google.cn/doc/go1.15#commonname

This causes the self-signed cert to be rejected by some Kubernetes platforms:
https://stackoverflow.com/questions/64814173/how-do-i-use-sans-with-openssl-instead-of-common-name

Fix is to add this field to the cert.
This commit is contained in:
Novak Ivanovski 2021-02-05 23:58:09 -05:00 committed by GitHub
parent 96357c9616
commit e7dc768ae5

@ -68,6 +68,7 @@ This is more secure than the insecure registry solution.
$ openssl req \
-newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
-addext "subjectAltName = DNS:myregistry.domain.com" \
-x509 -days 365 -out certs/domain.crt
```