During our PoC, it was okay to use self-signed certificates generated by the UCP at install time. However, as we move into the pilot phase, it's a good time to introduce third-party certificates issued from a trusted source.
There are two kinds of certificates involved with Docker Enterprise:
- Internal cluster certificates
- External client certificates
Each type has its own root CA as its signing authority. The internal certificates are used by the Swarm cluster for TLS encryption between the Swarm nodes. The external client certificates are used to access the cluster from outside sources, with access managed through the UCP. The certificates we are primarily interested in for configuration are ...