use built-in certs

bruegth · bruegth · commit 3971672656e7 · 2025-09-23T16:08:10.000+02:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -47,31 +47,13 @@ jobs:
         run: dotnet build -c Release --framework ${{ matrix.framework }}
         working-directory: test
 
-      - name: Generate TLS certs for Docker
+      - name: Pack client cert, key, ca for C# docker client
         run: |
           mkdir -p ${{ github.workspace }}/certs
           sudo chmod 777 ${{ github.workspace }}/certs
 
-          # Generate CA key and cert
-          openssl genrsa -out ${{ github.workspace }}/certs/ca-key.pem 2048
-          openssl req -x509 -new -nodes -key ${{ github.workspace }}/certs/ca-key.pem -sha256 -days 365 -out ${{ github.workspace }}/certs/ca.pem -subj "/CN=docker-ca"
-
-          # Generate server key and CSR
-          openssl genrsa -out ${{ github.workspace }}/certs/server-key.pem 2048
-          openssl req -new -key ${{ github.workspace }}/certs/server-key.pem -out ${{ github.workspace }}/certs/server.csr -subj "/CN=localhost"
-
-          # Sign server cert with CA
-          openssl x509 -req -in ${{ github.workspace }}/certs/server.csr -CA ${{ github.workspace }}/certs/ca.pem -CAkey ${{ github.workspace }}/certs/ca-key.pem -CAcreateserial -out ${{ github.workspace }}/certs/server-cert.pem -days 365 -sha256
-
-          # Generate client key and CSR
-          openssl genrsa -out ${{ github.workspace }}/certs/key.pem 2048
-          openssl req -new -key ${{ github.workspace }}/certs/key.pem -out ${{ github.workspace }}/certs/client.csr -subj "/CN=client"
-
-          # Sign client cert with CA
-          openssl x509 -req -in ${{ github.workspace }}/certs/client.csr -CA ${{ github.workspace }}/certs/ca.pem -CAkey ${{ github.workspace }}/certs/ca-key.pem -CAcreateserial -out ${{ github.workspace }}/certs/cert.pem -days 365 -sha256
-
           # create pfx
-          openssl pkcs12 -export -out ${{ github.workspace }}/certs/client.pfx -inkey ${{ github.workspace }}/certs/key.pem -in ${{ github.workspace }}/certs/cert.pem -certfile ${{ github.workspace }}/certs/ca.pem -passout pass:
+          openssl pkcs12 -export -out ${{ github.workspace }}/certs/client.pfx -inkey ${{ github.workspace }}/certs/client/key.pem -in ${{ github.workspace }}/certs/client/cert.pem -certfile ${{ github.workspace }}/certs/client/ca.pem -passout pass:
 
       - name: Wait for Docker (no TLS) to be healthy
         run: |
@@ -90,9 +72,9 @@ jobs:
         run: |
           for i in {1..10}; do
             if docker --host=tcp://localhost:2376 --tlsverify \
-              --tlscacert=${{ github.workspace }}/certs/ca.pem \
-              --tlscert=${{ github.workspace }}/certs/cert.pem \
-              --tlskey=${{ github.workspace }}/certs/key.pem version; then
+              --tlscacert=${{ github.workspace }}/certs/client/ca.pem \
+              --tlscert=${{ github.workspace }}/certs/client/cert.pem \
+              --tlskey=${{ github.workspace }}/certs/client/key.pem version; then
               echo "Docker (TLS) is ready!"
               exit 0
             fi
