我是Docker Notary的新手,需要为我的研究工作设置服务器。这个问题是我使用的是自签名证书,已经覆盖了默认的root-ca.crt,notary-signer.crt和notary-server.crt。
Openssl正确验证证书,从输出中可以看出:
subject=/C=SG/ST=Some-State/O=<value>/OU=DCT/CN=<Amazon EC2 hostname>/emailAddress=<value>
issuer=/C=SG/ST=Some-State/O=<value>/OU=DCT/CN=<Amazon EC2 hostname>/emailAddress=<value>
No client certificate CA names sent
Peer signing digest: SHA384
Server Temp Key: ECDH, P-256, 256 bits
SSL handshake has read 2348 bytes and written 431 bytes
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 398FCDC32B644161D9243A25AA4E001408874E93247427609CD95E6EF8F83761
Session-ID-ctx:
Master-Key: 5427F024069D898563712EA826F2DF1582E8383F63FB13E9F6C6B6CAF1C4DC0A027942679426341F889F2E9DB0062C1D
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket:
0000 - bc e4 fe 83 82 a1 1b 96-44 f7 1d 0c 9e 6f 45 8d ........D....oE.
0010 - 93 1e 5a c2 8c 9f 72 db-f6 45 4a 86 69 fe 30 20 ..Z...r..EJ.i.0
0020 - 98 9f 08 3d f5 bd ad d5-65 df 48 58 e4 6c f9 06 ...=....e.HX.l..
0030 - b6 28 e7 df 03 04 ac ad-ea 87 2c d8 db 64 73 44 .(........,..dsD
0040 - 0a b7 26 fe 2f a7 39 9c-5d 25 ca 21 68 76 37 26 ..&./.9.]%.!hv7&
0050 - 5e 0b d7 ea be 97 ea c8-16 b6 b0 04 30 13 0d 1e ^...........0...
0060 - 01 98 5e cf a1 58 61 df-30 14 d8 a6 f5 c0 7b 85 ..^..Xa.0.....{.
0070 - 11 cb 4c 73 93 e3 1e 53- ..Ls...S
Start Time: 1494736027
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
400 Bad Requestclosed
我还编辑了server-config.json以将证书算法反映到RSA,并在config.json中编辑cmd/notary以指向我的主机名:4443。
问题是在重建docker公证并运行命令
之后notary -s https://<server hostname>:4443 -d ~/.docker/trust list docker.io/library
我得到了这个结果
* fatal: no trust data available
我觉得令人沮丧的是,在过去的两天里,我一直在思考这个问题并且文档不清楚如何去做(可能因为它甚至还没有稳定)。
对此有任何帮助将不胜感激!