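#!/bin/bash
# Generate a *rogue* CA plus one server and one client certificate signed by
# it, as fixtures for the integration-cli HTTPS tests. These certificates are
# issued by an issuer the tests do not trust; they exist so the suite can
# check that a certificate chaining to the wrong CA is rejected.
#
# Files left in integration-cli/fixtures/https on success:
#   ca-rogue.pem
#   server-rogue-key.pem  server-rogue-cert.pem
#   client-rogue-key.pem  client-rogue-cert.pem
#
# Everything else this script creates (the rogue CA private key, its serial
# file, the CSRs and the extension config files) is removed on every exit
# path, including a failed openssl step, so the CA key never lingers in the
# fixture tree. Only files created by this run are removed.
set -eu

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"
OUT_DIR="${SCRIPT_DIR}/../integration-cli/fixtures/https"

# Same subject on the CA and on both leaf certificates; "Evil Inc" marks the
# rogue set. The CN does not need to match a hostname because the leaf
# certificates carry a wildcard subjectAltName (see issue_cert).
readonly SUBJECT="/C=US/ST=CA/L=SanFrancisco/O=Evil Inc/OU=changeme/CN=changeme/name=changeme/emailAddress=mail@host.domain"
readonly VALIDITY_DAYS=3652

readonly CA_KEY="${OUT_DIR}/ca-rogue-key.pem"
readonly CA_CERT="${OUT_DIR}/ca-rogue.pem"
# `openssl x509 -CA <cert>` uses <cert basename>.srl next to the CA cert when
# no -CAserial is given, so the name below must match CA_CERT.
readonly CA_SERIAL="${OUT_DIR}/ca-rogue.srl"

# Intermediate files created by this run; issue_cert appends to this list.
INTERMEDIATES=("${CA_SERIAL}" "${CA_KEY}")

#######################################
# Remove every intermediate file created so far. Runs from the EXIT trap, so
# it also covers the failure path under `set -e`.
# Globals:   INTERMEDIATES (read)
#######################################
cleanup() {
  rm -f -- "${INTERMEDIATES[@]}"
}
trap cleanup EXIT

#######################################
# Create a private key and a CSR, then sign the CSR with the rogue CA.
# Globals:   OUT_DIR, SUBJECT, VALIDITY_DAYS, CA_CERT, CA_KEY (read);
#            INTERMEDIATES (appended)
# Arguments: $1 - name prefix ("server" -> server-rogue-*.pem)
#            $2 - extendedKeyUsage value (serverAuth or clientAuth)
# Outputs:   ${OUT_DIR}/<prefix>-rogue-key.pem and
#            ${OUT_DIR}/<prefix>-rogue-cert.pem
#######################################
issue_cert() {
  local prefix=$1
  local eku=$2
  local key="${OUT_DIR}/${prefix}-rogue-key.pem"
  local csr="${OUT_DIR}/${prefix}-rogue.csr"
  local cfg="${OUT_DIR}/${prefix}-rogue-options.cfg"
  local cert="${OUT_DIR}/${prefix}-rogue-cert.pem"

  INTERMEDIATES+=("${csr}" "${cfg}")

  # Key size is left to openssl's default, as in the other fixture scripts.
  openssl genrsa -out "${key}"
  openssl req -new \
    -subj "${SUBJECT}" \
    -text \
    -key "${key}" \
    -out "${csr}"

  # X.509 v3 extensions for the leaf certificate. The wildcard SAN makes it
  # valid for any hostname, so the issuer is the only thing distinguishing it
  # from the legitimate fixture certificates.
  cat > "${cfg}" << EOF
basicConstraints=CA:FALSE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
extendedKeyUsage=${eku}
subjectAltName=DNS:*,DNS:localhost,IP:127.0.0.1,IP:::1
EOF

  openssl x509 \
    -req \
    -days "${VALIDITY_DAYS}" \
    -extfile "${cfg}" \
    -CA "${CA_CERT}" \
    -CAkey "${CA_KEY}" \
    -nameopt compat \
    -text \
    -in "${csr}" \
    -out "${cert}"
}

# Generate the rogue CA. Seeding the serial file gives the issued
# certificates deterministic serial numbers across runs.
echo 01 > "${CA_SERIAL}"
openssl genrsa -out "${CA_KEY}"
openssl req \
  -new \
  -x509 \
  -days "${VALIDITY_DAYS}" \
  -subj "${SUBJECT}" \
  -nameopt compat \
  -text \
  -key "${CA_KEY}" \
  -out "${CA_CERT}"

# Server certificate (serverAuth) and client certificate (clientAuth),
# both signed by the rogue CA.
issue_cert server serverAuth
issue_cert client clientAuth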