Skip to content

Latest commit

 

History

History
59 lines (48 loc) · 2.02 KB

README.md

File metadata and controls

59 lines (48 loc) · 2.02 KB

OpenSSL Alpine

Docker image based on Alpine Linux that uses OpenSSL to generate a three tier x509 certificate chain.

x509 is a standard for a public key infrastructure (PKI) to manage digital certificates, public-key encryption and a key part of the Transport Layer Security (TLS) protocol used to secure web and email communication.

Customisation

The image comes with default values, but they can be overridden using the following environment variables when running a docker container to customise the generated certificates:

VARIABLE DESCRIPTION DEFAULT
COUNTRY Certificate subject country string UK
STATE Certificate subject state string Greater London
LOCATION Certificate subject location string London
ORGANISATION Certificate subject organisation string Example
ROOT_CN Root certificate common name Root
ISSUER_CN Intermediate issuer certificate common name Example Ltd
PUBLIC_CN Public certificate common name *.example.com
ROOT_NAME Root certificate filename root
ISSUER_NAME Intermediate issuer certificate filename example
PUBLIC_NAME Public certificate filename public
RSA_KEY_NUMBITS The size of the rsa keys to generate in bits 2048
DAYS The number of days to certify the certificates for 365
KEYSTORE_NAME Keystore filename keystore
KEYSTORE_PASS Keystore password changeit

For example, to run a container, customise variables and mount the certificates in a volume:

docker run --rm \
  -e COUNTRY="ME" \
  -e STATE="Middle Earth" \
  -e LOCATION="The Shire" \
  -e ORGANISATION="Hobbit" \
  -e ISSUER_CN="J R R Tolkien" \
  -e PUBLIC_CN="hobbit.com" \
  -e ISSUER_NAME="tolkien" \
  -e PUBLIC_NAME="hobbit" \
  -v hobbit:/etc/ssl/certs \
  pgarrett/openssl-alpine

List the generated certificates:

ls -la /var/lib/docker/volumes/hobbit/_data

View the public certificate details:

openssl x509 -in /var/lib/docker/volumes/hobbit/_data/hobbit.crt -text -noout