github.com/adevinta/lava@v0.7.2/internal/containers/testdata/generate_certs.bash

github.com/adevinta/lava@v0.7.2/internal/containers/testdata/generate_certs.bash (about)

     1  #!/bin/bash
     2  # Copyright 2023 Adevinta
     3  
     4  # generate_certs.bash generates a set of server and client
     5  # certificates to use in Docker tests. These certificates have an
     6  # expiration of 100 years.
     7  
     8  set -e -u
     9  
    10  if [[ $# != 1 ]]; then
    11  	echo 'usage: generate_certs.bash dir' >&2
    12  	exit 2
    13  fi
    14  
    15  outdir=$1
    16  
    17  if [[ -e $outdir ]]; then
    18  	echo "error: ${outdir} already exists" >&2
    19  	exit 1
    20  fi
    21  
    22  mkdir -p "${outdir}"
    23  pushd "${outdir}"
    24  
    25  openssl genrsa -out ca-key.pem 4096
    26  openssl req -new -x509 -days 36500 -key ca-key.pem -sha256 -out ca.pem
    27  openssl genrsa -out server-key.pem 4096
    28  openssl req -subj "/CN=server" -sha256 -new -key server-key.pem -out server.csr
    29  echo 'subjectAltName = IP:127.0.0.1' > extfile.cnf
    30  echo 'extendedKeyUsage = serverAuth' >> extfile.cnf
    31  openssl x509 -req -days 36499 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem -extfile extfile.cnf
    32  openssl genrsa -out key.pem 4096
    33  openssl req -subj '/CN=client' -new -key key.pem -out client.csr
    34  echo 'extendedKeyUsage = clientAuth' > extfile-client.cnf
    35  openssl x509 -req -days 36498 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out cert.pem -extfile extfile-client.cnf
    36  
    37  popd