generate CA, server and client keys
https://docs.docker.com/articles/https/
First generate CA private and public keys:
openssl genrsa -aes256 -out ca-key.pem 2048
openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem
pwd 123qweASD
Now that we have a CA, you can create a server key and certificate signing request (CSR). Make sure that “Common Name” (i.e., server FQDN or YOUR name) matches the hostname you will use to connect to Docker:
openssl genrsa -out server-key.pem 2048
openssl req -subj “/CN=$HOST” -new -key server-key.pem -out server.csr
Next, we’re going to sign the public key with our CA:
openssl x509 -req -days 365 -in server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem
For client authentication, create a client key and certificate signing request:
openssl genrsa -out key.pem 2048
openssl req -subj ‘/CN=client’ -new -key key.pem -out client.csr
To make the key suitable for client authentication, create an extensions config file:
echo extendedKeyUsage = clientAuth > extfile.cnf
Now sign the public key:
openssl x509 -req -days 365 -in client.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out cert.pem -extfile extfile.cnf
After generating cert.pem and server-cert.pem you can safely remove the two certificate signing requests:
rm -v client.csr server.csr
encode base64 for azure
~/.docker$ l
ca-key.pem ca.pem cert.pem key.pem server-cert.pem server-key.pem
~/.docker$ base64 ca.pem > ca64.pem
~/.docker$ base64 server-cert.pem > server-cert64.pem
~/.docker$ base64 server-key.pem > server-key64.pem
~/.docker$ l
ca64.pem ca.pem key.pem server-cert.pem server-key.pem
ca-key.pem cert.pem server-cert64.pem server-key64.pem
add in azure docker extension using the base 64 certificates