Harbor生成自签名证书

访问IP10.0.0.20（自行替换IP或域名）

1. 生成证书

openssl genrsa -out harbor.key 4096

openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=10.0.0.20" -key harbor.key -out harbor.crt

# 生成私钥

openssl genrsa -out 10.0.0.20.key 4096
 
openssl req -sha512 -new -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=10.0.0.20" -key 10.0.0.20.key -out 10.0.0.20.csr

cat > v3.ext <<-EOF
authorityKeyIdentifier = keyid,issuer
basicConstraints = CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = IP:10.0.0.20
EOF

openssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA harbor.crt -CAkey harbor.key -CAcreateserial -in 10.0.0.20.csr -out 10.0.0.20.crt

2.修改Harbor配置文件`harbor.yml`

# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /var/harbor/cert/10.0.0.20.crt
  private_key: /var/harbor/cert/10.0.0.20.key