Strona główna Odkrywaj Pomoc
Zarejestruj się Zaloguj się
publics
/
etcd-io__etcd
0
0
Forkuj 0
Pliki Problemy 0 Oczekujące zmiany 0 Wiki
Gałąź: master
Gałęzie Tagi
etcd-io__etcd
/
integration
/
fixtures
/
gencerts.sh

gencerts.sh 2.7 KB
Bezpośredni odnośnik Historia Czysty

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293 
  1. #!/bin/bash
    2. 

  2. 

  3. if ! [[ "$0" =~ "./gencerts.sh" ]]; then
    4. 

  4.   echo "must be run from 'fixtures'"
    5. 

  5.   exit 255
    6. 

  6. fi
    7. 

  7. 

  8. if ! which cfssl; then
    9. 

  9.   echo "cfssl is not installed"
    10. 

  10.   exit 255
    11. 

  11. fi
    12. 

  12. 

  13. cfssl gencert --initca=true ./ca-csr.json | cfssljson --bare ./ca
    14. 

  14. mv ca.pem ca.crt
    15. 

  15. if which openssl >/dev/null; then
    16. 

  16.   openssl x509 -in ca.crt -noout -text
    17. 

  17. fi
    18. 

  18. 

  19. # generate DNS: localhost, IP: 127.0.0.1, CN: example.com certificates
    20. 

  20. cfssl gencert \
    21. 

  21.   --ca ./ca.crt \
    22. 

  22.   --ca-key ./ca-key.pem \
    23. 

  23.   --config ./gencert.json \
    24. 

  24.   ./server-ca-csr.json | cfssljson --bare ./server
    25. 

  25. mv server.pem server.crt
    26. 

  26. mv server-key.pem server.key.insecure
    27. 

  27. 

  28. # generate DNS: localhost, IP: 127.0.0.1, CN: example.com certificates (ECDSA)
    29. 

  29. cfssl gencert \
    30. 

  30.   --ca ./ca.crt \
    31. 

  31.   --ca-key ./ca-key.pem \
    32. 

  32.   --config ./gencert.json \
    33. 

  33.   ./server-ca-csr-ecdsa.json | cfssljson --bare ./server-ecdsa
    34. 

  34. mv server-ecdsa.pem server-ecdsa.crt
    35. 

  35. mv server-ecdsa-key.pem server-ecdsa.key.insecure
    36. 

  36. 

  37. # generate IP: 127.0.0.1, CN: example.com certificates
    38. 

  38. cfssl gencert \
    39. 

  39.   --ca ./ca.crt \
    40. 

  40.   --ca-key ./ca-key.pem \
    41. 

  41.   --config ./gencert.json \
    42. 

  42.   ./server-ca-csr-ip.json | cfssljson --bare ./server-ip
    43. 

  43. mv server-ip.pem server-ip.crt
    44. 

  44. mv server-ip-key.pem server-ip.key.insecure
    45. 

  45. 

  46. # generate IPv6: [::1], CN: example.com certificates
    47. 

  47. cfssl gencert \
    48. 

  48.   --ca ./ca.crt \
    49. 

  49.   --ca-key ./ca-key.pem \
    50. 

  50.   --config ./gencert.json \
    51. 

  51.   ./server-ca-csr-ipv6.json | cfssljson --bare ./server-ip
    52. 

  52. mv server-ip.pem server-ipv6.crt
    53. 

  53. mv server-ip-key.pem server-ipv6.key.insecure
    54. 

  54. 

  55. # generate DNS: localhost, IP: 127.0.0.1, CN: example2.com certificates
    56. 

  56. cfssl gencert \
    57. 

  57.   --ca ./ca.crt \
    58. 

  58.   --ca-key ./ca-key.pem \
    59. 

  59.   --config ./gencert.json \
    60. 

  60.   ./server-ca-csr2.json | cfssljson --bare ./server2
    61. 

  61. mv server2.pem server2.crt
    62. 

  62. mv server2-key.pem server2.key.insecure
    63. 

  63. 

  64. # generate DNS: localhost, IP: 127.0.0.1, CN: "" certificates
    65. 

  65. cfssl gencert \
    66. 

  66.   --ca ./ca.crt \
    67. 

  67.   --ca-key ./ca-key.pem \
    68. 

  68.   --config ./gencert.json \
    69. 

  69.   ./server-ca-csr3.json | cfssljson --bare ./server3
    70. 

  70. mv server3.pem server3.crt
    71. 

  71. mv server3-key.pem server3.key.insecure
    72. 

  72. 

  73. # generate revoked certificates and crl
    74. 

  74. cfssl gencert --ca ./ca.crt \
    75. 

  75.   --ca-key ./ca-key.pem \
    76. 

  76.   --config ./gencert.json \
    77. 

  77.   ./server-ca-csr.json 2>revoked.stderr | cfssljson --bare ./server-revoked
    78. 

  78. mv server-revoked.pem server-revoked.crt
    79. 

  79. mv server-revoked-key.pem server-revoked.key.insecure
    80. 

  80. grep serial revoked.stderr | awk ' { print $9 } ' >revoke.txt
    81. 

  81. cfssl gencrl revoke.txt ca.crt ca-key.pem | base64 --decode >revoke.crl
    82. 

  82. 

  83. # generate wildcard certificates DNS: *.etcd.local
    84. 

  84. cfssl gencert \
    85. 

  85.   --ca ./ca.crt \
    86. 

  86.   --ca-key ./ca-key.pem \
    87. 

  87.   --config ./gencert.json \
    88. 

  88.   ./server-ca-csr-wildcard.json | cfssljson --bare ./server-wildcard
    89. 

  89. mv server-wildcard.pem server-wildcard.crt
    90. 

  90. mv server-wildcard-key.pem server-wildcard.key.insecure
    91. 

  91. 

  92. 

  93. rm -f *.csr *.pem *.stderr *.txt
    94.