avhimkov
9/9/2016 - 11:08 AM

external server cert

To specify an externally-generated and signed certificate for the UCP controller during a command line installation, use the --external-server-cert option.

First, create a storage volume named ucp-controller-server-certs with ca.pem, cert.pem, and key.pem in the root directory before running the install. It must contain the following:

ca.pem - This should contain exactly one certificate: the root certificate authority for the whole chain.
cert.pem - This should contain the actual certificate for UCP and all of its intermediate certificates. The actual certificate should be at the top, followed by the next certificate in the chain, and so on. The last certificate should be signed by the root certificate that appears in ca.pem.
key.pem - This should contain only the private key and nothing else.

Then, when installing UCP, use the --external-server-cert option:

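# --external-server-cert is an option of the UCP install command, not of docker run, so it goes after the image name
docker run --rm -it \
  --name ucp \
  -v /var/run/docker.sock:/var/run/docker.sock \
  docker/ucp \
  install --external-server-cert [command options]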
The cert files in the storage volume named ucp-controller-server-certs will be used when the --external-server-cert option is specified.
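
A pre-flight check for the three files described above, written as an added example rather than taken from the original snippet or from Docker. The function names and the script name are hypothetical, and check_chain assumes the OpenSSL 1.1.0+ command line tool is installed.

```shell
#!/bin/sh
# Added example: pre-flight checks for ca.pem, cert.pem and key.pem before they
# are copied into the ucp-controller-server-certs volume.
# Function names are hypothetical; check_chain assumes the OpenSSL 1.1.0+ CLI.

# Print how many PEM blocks in FILE have a BEGIN label matching the ERE LABEL.
count_blocks() {  # usage: count_blocks FILE LABEL
    grep -c -E -- "^-----BEGIN $2-----" "$1" || true
}

# Structural rules from the text: one root in ca.pem, at least the UCP
# certificate in cert.pem, and a single private key (nothing else) in key.pem.
check_pem_layout() {  # usage: check_pem_layout DIR
    d=$1; rc=0
    for f in ca.pem cert.pem key.pem; do
        [ -r "$d/$f" ] || { echo "missing: $d/$f" >&2; return 1; }
    done
    [ "$(count_blocks "$d/ca.pem" 'CERTIFICATE')" -eq 1 ] ||
        { echo "ca.pem must hold exactly one certificate" >&2; rc=1; }
    [ "$(count_blocks "$d/cert.pem" 'CERTIFICATE')" -ge 1 ] ||
        { echo "cert.pem must hold at least the UCP certificate" >&2; rc=1; }
    [ "$(count_blocks "$d/key.pem" '([A-Z]+ )?PRIVATE KEY')" -eq 1 ] &&
        [ "$(count_blocks "$d/key.pem" '.*')" -eq 1 ] ||
        { echo "key.pem must hold one private key and nothing else" >&2; rc=1; }
    return "$rc"
}

# Cryptographic checks. openssl reads the first certificate in cert.pem as the
# one to verify and uses the whole file as untrusted intermediates. This shows
# a chain to ca.pem can be built; it does not check the order inside cert.pem.
check_chain() {  # usage: check_chain DIR
    d=$1
    openssl verify -no-CApath -CAfile "$d/ca.pem" -untrusted "$d/cert.pem" \
        "$d/cert.pem" >/dev/null ||
        { echo "cert.pem does not chain to ca.pem" >&2; return 1; }
    cert_pub=$(openssl x509 -in "$d/cert.pem" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$d/key.pem" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "key.pem does not match the first certificate" >&2; return 1; }
}

# Run only when given a directory, e.g.: sh check-ucp-certs.sh ./certs
if [ "$#" -gt 0 ]; then
    check_pem_layout "$1" && check_chain "$1" && echo "OK: $1"
fi
```

Run it against the directory holding the three files before copying them into the volume; a non-zero exit status means at least one of the rules above is not met.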