File: gen-pki.sh

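#!/bin/bash
#
# Regenerates the throwaway TLS fixtures under dev-resources/ssl:
#   ca.pem   - self-signed CA certificate
#   key.pem  - node private key
#   cert.pem - node certificate (CN=localhost) signed by that CA
#
# Usage: run from the project root; dev-resources/ssl must already exist.
#
# Security notes:
#   * Every key is written unencrypted (-nodes / plain genrsa). The output is
#     test-fixture material only and must never be trusted outside the tests.
#   * The CA private key is needed only to sign the node CSR. It is removed on
#     every exit path, so a failed run cannot leave a usable signing key
#     behind.
#   * Both certificates are valid for 1825 days; rerun this script when they
#     expire.
#   * The node certificate identifies the host through CN only, and no
#     subjectAltName is requested here. NOTE(review): clients that require a
#     SAN for hostname verification would reject it; confirm the tests only
#     rely on chain validation.

# Abort on the first failing step. Without this, a failed openssl call would
# be ignored and the script would continue with stale or mismatched files.
set -euo pipefail

readonly ssl_dir=dev-resources/ssl
readonly subject_base="/C=US/ST=OR/L=Portland/O=Puppet, Inc"

if ! [[ -d "$ssl_dir" ]]; then
  echo "This script must be called from the root of the project and dev-resources/ssl must already exist" >&2
  exit 1
fi

# Removes the intermediates the tests do not use: the CA private key, the
# serial file written by -CAcreateserial, and the node CSR.
cleanup() {
  rm -f -- "$ssl_dir"/{ca.key,ca.srl,csr.pem}
}
trap cleanup EXIT

echo
echo "Generating primary self-signed CA"
# The x509v3_CA extension section is expected to be defined in
# dev-resources/exts.cnf (not shown here).
openssl req -x509 \
  -newkey rsa:4096 \
  -keyout "$ssl_dir/ca.key" \
  -out "$ssl_dir/ca.pem" \
  -days 1825 -nodes \
  -extensions x509v3_CA \
  -config dev-resources/exts.cnf \
  -subj "$subject_base/CN=puppet"

echo
echo "Generating node cert"
openssl genrsa -out "$ssl_dir/key.pem" 2048

echo
echo "Creating node CSR"
openssl req -new -sha256 \
  -key "$ssl_dir/key.pem" \
  -out "$ssl_dir/csr.pem" \
  -subj "$subject_base/CN=localhost"

echo
echo "Signing node CSR"
openssl x509 -req \
  -in "$ssl_dir/csr.pem" \
  -CA "$ssl_dir/ca.pem" \
  -CAkey "$ssl_dir/ca.key" \
  -CAcreateserial \
  -out "$ssl_dir/cert.pem" \
  -days 1825 -sha256


echo
echo "Cleaning up files that will not be used by the tests"
cleanup
trap - EXIT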