| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091 |
- #!/usr/bin/env bash
- set -e
- if ! [[ "$0" =~ "./gencerts.sh" ]]; then
- echo "must be run from 'fixtures-expired'"
- exit 255
- fi
- if which cfssl >/dev/null; then
- echo "cfssl is installed; generating certs"
- else
- echo "cfssl is not installed; exiting"
- exit 255
- fi
- cat > ./etcd-root-ca-csr.json <<EOF
- {
- "key": {
- "algo": "rsa",
- "size": 4096
- },
- "names": [
- {
- "O": "etcd",
- "OU": "etcd Security",
- "L": "San Francisco",
- "ST": "California",
- "C": "USA"
- }
- ],
- "CN": "etcd-root-ca",
- "ca": {
- "expiry": "1h"
- }
- }
- EOF
- cfssl gencert --initca=true ./etcd-root-ca-csr.json | cfssljson --bare ./etcd-root-ca
- cat > ./etcd-gencert.json <<EOF
- {
- "signing": {
- "default": {
- "usages": [
- "signing",
- "key encipherment",
- "server auth",
- "client auth"
- ],
- "expiry": "1h"
- }
- }
- }
- EOF
- cat > ./server-ca-csr.json <<EOF
- {
- "key": {
- "algo": "rsa",
- "size": 4096
- },
- "names": [
- {
- "O": "etcd",
- "OU": "etcd Security",
- "L": "San Francisco",
- "ST": "California",
- "C": "USA"
- }
- ],
- "CN": "example.com",
- "hosts": [
- "127.0.0.1",
- "localhost"
- ]
- }
- EOF
- cfssl gencert \
- --ca ./etcd-root-ca.pem \
- --ca-key ./etcd-root-ca-key.pem \
- --config ./etcd-gencert.json \
- ./server-ca-csr.json | cfssljson --bare ./server
- rm ./*.json
- rm ./*.csr
- if which openssl >/dev/null; then
- openssl x509 -in ./etcd-root-ca.pem -text -noout
- openssl x509 -in ./server.pem -text -noout
- fi
|
