Harbor私有镜像仓库

mkdir -p ssl
cd ssl/

openssl  genrsa -out ca.key 3072
openssl req  -new -x509 -day 1095 -key ca.key -out ca.pem
openssl req  -new -x509 -days 1095 -key ca.key -out ca.pem

openssl  genrsa -out cohen.key 3072
openssl  req -new -key cohen.key  -out cohen.csr

openssl x509 -req -in cohen.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out cohen.pem -days 1095

openssl x509 -noout -text -in cohen.pem

信任自签发的域名证书

cp ca.pem  /etc/pki/ca-trust/source/anchors/

update-ca-trust enable

update-ca-trust extract