Remove unnecessary steps on doc about enabling HTTPS #336
Comments
Thanks for filing @Kewei-Lu! @wy65701436 can you comment here with your thoughts on this? Thanks!
Hi all, bumping onto this to avoid creating another issue (feel free to tell me to create a dedicated issue if it helps). First of all I agree with @Kewei-Lu: in most cases (= mTLS not enabled) one only needs to trust the CA. Another thing I thought was confusing in the external access HTTPS tutorial was that in the examples, the same CN is given for both the CA and the server certificates. While I know it makes no sense in real life to give the same CN to those certs (and the tutorial does point in that direction by warning to update the parameters to reflect your organization), beginners stumbling on the tutorial to enable HTTPS will probably follow those examples, and the issue is that if you do that, your certificates will not work. Basically if you copy every command in the examples without changing any parameters, when you run
If you just change the CN and update the extensions when generating the server certificate signing request, like so (notice the subdomain. and the DNS entries in the
, the
Hi team,
I was following the tutorial to set up Harbor on my host.
For the section "Provide the Certificates to Harbor and Docker", I find it may be unnecessary to provide your server certificate to the Docker client, as it needs a client certificate installed in the "docker/certs.d/" directory only when bi-directional authentication is needed for HTTPS. So for server-only authentication, my question is: is it fine to remove the following actions listed in the tutorial?

```
openssl x509 -inform PEM -in yourdomain.com.crt -out yourdomain.com.cert # convert format
cp yourdomain.com.cert /etc/docker/certs.d/yourdomain.com/
cp yourdomain.com.key /etc/docker/certs.d/yourdomain.com/
```
BRs
kewei
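
The distinction raised in this issue, as an added example that is not part of the original post or of the Harbor documentation: Docker treats `*.crt` files in a registry's `certs.d` directory as CA roots and `*.cert`/`*.key` pairs as client certificates, so the script below reports which kind of material a directory holds and flags a world-readable private key. The function name `audit_certs_d`, the file name `ca.crt` and the empty sample files are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit one Docker registry certificate directory
# (e.g. /etc/docker/certs.d/<registry>/) using Docker's extension rule:
#   *.crt          -> CA root used to verify the registry's server certificate
#   *.cert + *.key -> client certificate pair, only used for mutual TLS

# audit_certs_d DIR  (hypothetical helper name)
# Prints one finding per line. Exit status:
#   0 = no client material, 1 = client cert/key present, 2 = DIR is not a directory
audit_certs_d() {
    dir=$1; ca=0; client=0
    [ -d "$dir" ] || { echo "error: $dir is not a directory"; return 2; }
    for f in "$dir"/*; do
        [ -e "$f" ] || continue
        case $f in
            *.crt)
                ca=$((ca + 1)); echo "ca-root: $f" ;;
            *.cert)
                client=$((client + 1)); echo "client-cert: $f"
                [ -e "${f%.cert}.key" ] || echo "warning: no matching key for $f" ;;
            *.key)
                client=$((client + 1)); echo "private-key: $f"
                [ -e "${f%.key}.cert" ] || echo "warning: key without client cert: $f"
                # A private key kept here should not be readable by every local user.
                [ -z "$(find "$f" -prune -perm -004)" ] ||
                    echo "warning: world-readable key: $f" ;;
        esac
    done
    [ "$ca" -gt 0 ] || echo "note: no *.crt CA root in $dir"
    [ "$client" -eq 0 ] || return 1
    return 0
}

# Constructed sample: a CA root (assumed name ca.crt) plus the two files the
# commands quoted in the issue would copy. Empty files; only names and modes matter.
demo=$(mktemp -d)
mkdir -p "$demo/yourdomain.com"
touch "$demo/yourdomain.com/ca.crt" "$demo/yourdomain.com/yourdomain.com.cert" "$demo/yourdomain.com/yourdomain.com.key"
chmod 644 "$demo/yourdomain.com/yourdomain.com.key"
audit_certs_d "$demo/yourdomain.com" || echo "status: $?"
rm -rf "$demo"
```

The check works on file names and modes only; it does not parse the certificates or confirm that they chain to the CA.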