我使用以下命令生成了 SSL 证书:
C=PL
ST=Mazovia
L=Warsaw
O="PHP-HTTP"
CN="192.168.56.10"
openssl req -out ca.pem -new -x509 -subj "/C=$C/ST=$ST/L=$L/O=$O/CN=socket-server" -passout pass:password
openssl genrsa -out server.key
openssl req -key server.key -new -out server.req -subj "/C=$C/ST=$ST/L=$L/O=$O/CN=$CN" -passout pass:password
openssl x509 -req -in server.req -CA ca.pem -CAkey privkey.pem -CAserial file.srl -out server.pem -passin pass:password
openssl genrsa -out client.key
openssl req -key client.key -new -out client.req -subj "/C=$C/ST=$ST/L=$L/O=$O/CN=socket-adapter-client" -passout pass:password
openssl x509 -req -in client.req -CA ca.pem -CAkey privkey.pem -CAserial file.srl -out client.pem -passin pass:password
我将它们应用到 dockerd 守护进程:
sudo cp ca.pem /root/.docker/
sudo cp server.key /root/.docker/key.pem
sudo cp server.pem /root/.docker/cert.pem
--tlsverify
通过添加( Alpine linux )来启用它们
并从 PHP 脚本成功连接到 /version 端点:
$client = (new CurlHttpClient([
// 'bindto' => '/var/run/docker.sock'
'cafile' => __DIR__ . '/../../../ssl-test/ca.pem',
'local_cert' => __DIR__ . '/../../../ssl-test/client.pem',
'local_pk' => __DIR__ . '/../../../ssl-test/client.key',
// 'verify_host' => false,
]));
$response = $client->request(
'GET',
'https://192.168.56.10:2376/version'
);
我想使用普通curl
命令建立该连接,但无论我使用什么组合--cacert
或--cert
选项,它都会给我一个错误。我应该如何捆绑输出文件以建立工作连接?
编辑>系统:WSL2 Ubuntu 22.04.3 LTS