how docker-machine uses docker api to copy certificates

My question is, as I understand docker-machine uses docker remote API to do whatever it does, for example to regenerate certificates. I have checked docker API but couldn’t find how it’s possible to send certificates to that machine using only docker api, can someone help please?

  • Docker 1.9: Adding --link target to a running nginx container
  • Use of container docker as a proxy for CF app to get public IP
  • Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
  • How to install docker-compose on Linux RHEL 6.6?
  • use nvidia-docker from docker-compose
  • docker exec command with Popen in Python
  • node.js in a dockerfile cant connect to mongolabs via mongoose: getaddrinfo ESRCH
  • CoreOS Kubernetes how to monitor Node processes?
  • Deploying Django with Docker on Amazon Elastic Beanstalk
  • Using docker-compose to set up a nodejs app with mysql
  • Start a service in docker container failed,with error: Failed to get D-Bus connection: No connection to service manager
  • Docker container doesnot reflect changes on machines other than it was created
  • One Solution collect form web for “how docker-machine uses docker api to copy certificates”

    The TLS files are hosted locally on the Docker client. For this reason you should protect the files as if they were a root password.

    This page will walk you through generating the files needed to negotiate a connection over TLS. Note that the remote daemon must be running TLS.

    https://docs.docker.com/engine/security/https/

    docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem -H=$HOST:2376 version

    Note: Docker over TLS should run on TCP port 2376.

    Warning: As shown in the example above, you don’t have to run the
    docker client with sudo or the docker group when you use certificate
    authentication. That means anyone with the keys can give any
    instructions to your Docker daemon, giving them root access to the
    machine hosting the daemon. Guard these keys as you would a root
    password!

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.