From the repository root directory, run:
docker build -t generate-self-signed-cert .
Run the created image with the proper environment variables and mount a directory from the host to the /out directory in the container, for example:
docker run -e 'DOMAIN=localhost' -e 'PASSWORD=password' -e 'O=SoftwareDeveloper.Blog' -e 'C=PL' -e 'ST=Podkarpackie' -e 'L=Sanok' -e 'OU=IT' -e 'EMAIL=Contact@SoftwareDeveloper.Blog' -e 'DAYS=3650' -v /home/tometchy/Downloads/cert:/out generate-self-signed-cert
Remember to create the mount directory on the host before running.
You can set alternative domain names with the ALT_DOMAINS environment variable, separated with a semicolon (;), for example:
docker run -e 'DOMAIN=example.com' -e 'ALT_DOMAINS=www.example.com' -e 'PASSWORD=password' -e 'O=SoftwareDeveloper.Blog' -e 'C=PL' -e 'ST=Podkarpackie' -e 'L=Sanok' -e 'OU=IT' -e 'EMAIL=Contact@SoftwareDeveloper.Blog' -e 'DAYS=3650' -v /home/tometchy/Downloads/cert:/out generate-self-signed-cert
You can skip parameters that you don't need. For example:
docker run -e 'DOMAIN=localhost' -e 'PASSWORD=password' -v /home/tometchy/Downloads/cert:/out generate-self-signed-cert
will produce a certificate, but you will see warning messages, for example:
DAYS environment variable is not assigned, setting 365 days
req: No value provided for Subject Attribute C, skipped
req: No value provided for Subject Attribute ST, skipped
req: No value provided for Subject Attribute L, skipped
req: No value provided for Subject Attribute O, skipped
req: No value provided for Subject Attribute OU, skipped
req: No value provided for Subject Attribute emailAddress, skipped
You can even skip setting the password, but then the certificate will contain an unencrypted private key.
To use it on Windows, you must first enable file sharing for your host drive.
Open Docker settings > Resources > File sharing and choose the local drive which you want to mount to the container.
Then restart Docker (even if the button says Apply and restart).
At the time of writing, you must use slashes instead of backslashes in the Windows path, for example:
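To confirm whether a run left an unencrypted private key in the mounted output directory, a check like the following can be run on the host. It is an added example, not part of this repository; it assumes the output files are PEM-encoded, and classify_key and audit_dir are hypothetical helper names.

```shell
# Added example: reads PEM headers only; binary PKCS#12 files are not inspected.

# classify_key FILE: print encrypted, unencrypted or no-key.
classify_key() {
    awk '
        # PKCS#8 encrypted keys have their own PEM label.
        /^-----BEGIN ENCRYPTED PRIVATE KEY-----/ { enc++; next }
        # Other key labels: the next line says whether the key is encrypted.
        /^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----/ { pending = 1; next }
        pending {
            pending = 0
            if ($0 ~ /^Proc-Type: 4,ENCRYPTED/) enc++; else clear++
        }
        END {
            if (pending) clear++
            if (clear) print "unencrypted"
            else if (enc) print "encrypted"
            else print "no-key"
        }
    ' "$1"
}

# audit_dir DIR: print one line per file holding a private key and
# return 1 if any key is in clear or readable by group/others.
audit_dir() {
    rc=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        state=$(classify_key "$f")
        [ "$state" = no-key ] && continue
        loose=no
        if [ -n "$(find "$f" -prune \( -perm -040 -o -perm -004 \))" ]; then
            loose=yes
        fi
        echo "$f: key=$state group/other-readable=$loose"
        if [ "$state" = unencrypted ] || [ "$loose" = yes ]; then rc=1; fi
    done
    return $rc
}

# Constructed sample files (PEM labels only, no real key material).
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'AAAA' '-----END PRIVATE KEY-----' > "$demo/clear.key"
printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'AAAA' '-----END ENCRYPTED PRIVATE KEY-----' > "$demo/enc.key"
chmod 600 "$demo"/*.key
audit_dir "$demo" || echo "findings above need attention"
rm -rf "$demo"
```

Point audit_dir at the host directory you mounted to /out; on Windows bind mounts the permission column is not meaningful.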
docker run -e 'DOMAIN=localhost' -e 'PASSWORD=password' -e 'O=SoftwareDeveloper.Blog' -e 'C=PL' -e 'ST=Podkarpackie' -e 'L=Sanok' -e 'OU=IT' -e 'EMAIL=Contact@SoftwareDeveloper.Blog' -e 'DAYS=3650' -v C:/Users/tometchy/Desktop/cert:/out generate-self-signed-cert
In case of problems with the certificate, there is a human-readable version of the certificate in the .crt.txt file, so you can investigate and even compare certificates with a diff tool such as Meld.
By default, this script generates the certificate without the KeyUsage property, because it has been observed that this works better for development purposes, as noted in the official openssl.cnf file:
Key usage: this is typical for a CA certificate. However since it will prevent it being used as an test self-signed certificate it is best left out by default.
If you want to add key usage, uncomment keyUsage in the proper section of the custom-openssl.cnf file, depending on the certificate type. For example, if you use alternative domain names, then you should edit the [ v3_req ] section.
If you don't know which section to edit, simply uncomment every keyUsage in the whole file :)
Remember to rebuild the image after changing this file.