DNS, certificates, and certificate termination

During our PoC, it was okay to use self-signed certificates generated by the UCP at install time. However, as we move into the pilot phase, it's a good time to introduce third-party certificates issued from a trusted source.

There are two kinds of certificates involved with Docker Enterprise:

  • Internal cluster certificates 
  • External client certificates

Each type is signed by its own root certificate authority (CA). The internal certificates are used by the Swarm cluster for TLS encryption between the Swarm nodes. The external client certificates are used to access the cluster from outside sources, with access managed through the UCP. The certificates we are primarily interested in for configuration are ...
