#!/usr/bin/env bash
#
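# Requires:
# go install github.com/cloudflare/cfssl/cmd/cfssl@latest
# go install github.com/cloudflare/cfssl/cmd/cfssljson@latest
# Note: @latest is unpinned, so the tool version that signs these fixtures can
# change between runs; pin an explicit version for reproducible output.
#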
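# Strict mode: -e exit on error, -u error on unset variables, -x trace each
# command to stderr, -o pipefail fail a pipeline if any stage fails.
set -euxo pipefail

# Absolute directory containing this script. BASH_SOURCE and dirname are used
# instead of "${0%/*}", which yields the bare file name (not a directory) when
# the script is started without a slash in its path, e.g. `bash gen-certs.sh`,
# and makes the cd fail.
basedir=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)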
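#######################################
# Create a self-signed CA key pair with cfssl in the current directory.
# Arguments:
#   $1 - subject common name (CN) of the CA
#   $2 - output base name passed to `cfssljson -bare`
# Outputs:
#   Files named after $2 written by cfssljson; the CSR "$2.csr" is deleted
#   afterwards.
# Notes:
#   $1 is inserted into the JSON request unescaped, so it must not contain
#   double quotes or backslashes. Only call this with fixed, trusted names.
#######################################
ca() {
  # Keep the arguments function-local so they do not leak into the script's
  # global scope.
  local name=$1
  local filename=$2

  # 87600h is 3650 days, i.e. roughly ten years of validity.
  printf '{"names":[{"CN": "%s","OU":"None"}], "ca": {"expiry": "87600h"}}\n' \
    "${name}" \
    | cfssl genkey -initca - \
    | cfssljson -bare "${filename}"

  # The CSR is not kept for the CA.
  rm -- "${filename}.csr"
}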
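#######################################
# Issue an end-entity certificate signed by an existing CA and store the key,
# certificate and CSR in a per-certificate directory under the current
# directory.
# Arguments:
#   $1 - CA base name; "$1.pem" and "$1-key.pem" must exist in the current
#        directory
#   $2 - end-entity name
#   $3 - end-entity namespace
#   $4 - "1" to set the subject CN to "<$2>.<$3>.com"; any other value, or
#        omitted, leaves the CN empty (defaults to "0")
# Outputs:
#   "<$2>-<$3>-<$1>/key.p8"  - private key, PKCS#8 DER, NOT encrypted
#   "<$2>-<$3>-<$1>/crt.der" - certificate, DER
#   "<$2>-<$3>-<$1>/csr.pem" - certificate signing request, PEM
# Notes:
#   The signing profile is read from "../ca-config.json", resolved against
#   the current directory at call time.
#######################################
ee() {
  local ca_name=$1
  local ee_name=$2
  local ee_ns=$3
  # Default the CN switch so a three-argument call does not abort under
  # `set -u` with an unbound-variable error.
  local with_cn=${4:-0}

  local san_host="${ee_name}.${ee_ns}.com"
  local cn=""
  if [[ "${with_cn}" == "1" ]]; then
    cn="${san_host}"
  fi

  local out="${ee_name}-${ee_ns}-${ca_name}"

  # An empty request body is enough: subject and host name come from flags.
  echo '{}' \
    | cfssl gencert -ca "${ca_name}.pem" \
      -cn "${cn}" \
      -ca-key "${ca_name}-key.pem" \
      -hostname "${san_host}" -config="../ca-config.json" - \
    | cfssljson -bare "${out}"

  mkdir -p -- "${out}"

  # Convert the key to PKCS#8 DER. -nocrypt writes it without a passphrase,
  # so key.p8 is only suitable as a test fixture.
  openssl pkcs8 -topk8 -nocrypt -inform pem -outform der \
    -in "${out}-key.pem" \
    -out "${out}/key.p8"
  rm -- "${out}-key.pem"

  openssl x509 -inform pem -outform der \
    -in "${out}.pem" \
    -out "${out}/crt.der"
  rm -- "${out}.pem"

  ## TODO DER-encode?
  #openssl x509 -inform pem -outform der \
  #  -in "${ee}.csr" \
  #  -out "${ee}/csr.der"
  mv -- "${out}.csr" "${out}/csr.pem"
}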
# All fixtures are written into testdata/ next to this script.
cd "${basedir}/testdata"

# One CA, then one leaf per "<name>:<cn-flag>" entry: the first leaf carries
# no subject CN, the second uses its host name as CN.
ca 'Cluster-local CA 1' ca1
for spec in 'no-cn:0' 'cn:1'; do
  ee ca1 "${spec%%:*}" test "${spec##*:}"
done