Using Docker to Generate SSL Certificates

Learn how you can use Docker to generate your SSL certificates, rather than doing it on the host.

by Chris Tozzi · Oct. 09, 16 · Cloud Zone · Tutorial
When you hear “Docker” and “SSL” you probably assume the conversation is about creating SSL certificates to secure the Docker daemon itself. That’s an important but well-documented task. Or maybe you think we’re talking about creating SSL certificates for use by Dockerized apps. That’s also easy enough if you use various third-party tools (like the ones here and here). But did you know you can also use Docker containers to create SSL certificates for the host?

Using Docker to Generate SSL Certificates

Using Docker to generate SSL certificates is not something that most developers have probably thought of doing. But it’s a neat and handy trick. You may be wondering why you’d ever want to use Docker containers to generate SSL certificates for the host. Couldn’t you just do that on the host itself?

Well, yes. But only if you have the right tools (like OpenSSL) installed on the host. And if you are doing everything you can to keep your Docker server lean, you probably don’t want to add tools like OpenSSL to it, if you don’t have to. Plus, you may not be working from a production Docker server at all, but instead from a Docker test box. If you’re like me, that test box is actually your personal laptop, which probably doesn’t have OpenSSL or other server tools installed on it.

Yes, I could apt-get the openssl package (or apache2-utils) easily enough, but I really don’t want to turn my laptop into a server. Again, I like things to be lean and mean. That’s what makes containers attractive in the first place, after all.

Generating SSL Certificates From Docker Containers

Instead of generating certificates on the host, it’s cool to be able to use Docker containers to create SSL certificates for me. It’s also pretty simple, as the following steps show.

First, of course, you want to pull a container image that supports the creation of SSL certificates, such as the Docker Hub Nginx image. That image conveniently comes with OpenSSL built in. (If your image doesn’t contain OpenSSL, you could always add it to the image yourself or, more easily, install it in the container once it starts.)

As an example, you’d run:

docker pull nginx

Next, you need to create a private key and certificate signing request with a command like:

# Generate a 2048-bit RSA key and a CSR in the host directory mounted at /work
docker run -v "$PWD":/work -it nginx openssl req -out /work/CSR.csr -new \
  -newkey rsa:2048 -nodes -keyout /work/privateKey.key

You’ll now see that the working directory on the host contains the files privateKey.key and CSR.csr. If you want to use them to create a self-signed certificate, you’d run something like:

# Self-sign the existing CSR with the existing private key
docker run -v "$PWD":/work -it nginx openssl req -x509 -sha256 \
  -days 365 -key /work/privateKey.key -in /work/CSR.csr \
  -out /work/certificate.crt

And you now have your signed certificate, certificate.crt, in the working directory on the host.

There you have it. You’ve created an SSL certificate using OpenSSL without actually running OpenSSL on the host system.
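
A non-interactive version of the steps above, as an added example (not the author's code): it runs the container with --rm as the calling user, restricts the permissions on the unencrypted key, and checks that certificate.crt carries the public key of privateKey.key. The certs directory, the /CN=localhost subject and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. IMAGE, OUT and SUBJ are
# assumed values; "/CN=localhost" is a constructed sample subject.
IMAGE="${IMAGE:-nginx}"         # any image that ships openssl
OUT="${OUT:-$PWD/certs}"        # host directory bind-mounted at /work
SUBJ="${SUBJ:-/CN=localhost}"

# Run openssl in a throwaway container as the calling user, so files in
# the bind mount are not left root-owned and no stopped container lingers.
ossl() {
  docker run --rm -u "$(id -u):$(id -g)" -v "$OUT:/work" -w /work \
    "$IMAGE" openssl "$@"
}

make_cert() {
  mkdir -p "$OUT" && chmod 700 "$OUT" || return 1
  # Key + CSR without prompts (-subj), so no TTY (-it) is needed.
  ossl req -new -newkey rsa:2048 -nodes -subj "$SUBJ" \
    -keyout privateKey.key -out CSR.csr || return 1
  chmod 600 "$OUT/privateKey.key" || return 1   # -nodes: key is unencrypted
  # Self-sign the existing CSR with the existing key.
  ossl req -x509 -sha256 -days 365 -key privateKey.key -in CSR.csr \
    -out certificate.crt || return 1
  # The certificate must carry the public half of the key kept on the host.
  key_pub=$(ossl pkey -in privateKey.key -pubout) || return 1
  crt_pub=$(ossl x509 -in certificate.crt -noout -pubkey) || return 1
  [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Generate only when invoked as: sh gen-cert.sh run
if [ "${1:-}" = run ]; then make_cert; fi
```

make_cert returns non-zero if any step fails or if the certificate's public key does not match the key file, so a calling script can stop before deploying a mismatched pair.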

Going Further

You can do much more using commands like the ones above. In particular, if you want to automate the creation of SSL certificates on Docker for either the Docker host or the container, you could integrate these commands into a Dockerfile, then use that to build SSL certificate generation into the Dockerized app that you create using Codefresh.

So while generating SSL certificates used to be a tedious and repetitive process that required software that you probably don’t have installed on the machine you work from normally, Docker containers make SSL certificate creation fast and easy. In fact, they make it so easy that it’s increasingly hard to have an excuse not to be using SSL certificates for encryption.
