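#!/bin/bash
#
# generate-certs.sh
# Location: controller/internal/enforcer/applicationproxy/tcp/verifier/testdata/
#
# Regenerates the certificate fixtures in the current directory. Run it when
# the generated certs expire. openssl cannot be used here because the
# certificates carry Aporeto extensions (presumably encoded from the --tags
# values below -- confirm against the tg documentation).
#
# Requires: the `tg` certificate tool on PATH.
#
# Fixture-only shortcuts, not a pattern for real credentials:
#   * The CA key passphrase is hard-coded and passed on the command line,
#     where it is visible in process listings and shell history.
#   * Every *-key.pem in the working directory is deleted when the script
#     exits, so only certificates are left behind.

# Abort on the first failed step. Without this, a failed CA generation would
# go unnoticed and the leaf certs could be signed with stale CA files left
# over from an earlier run, producing an inconsistent fixture set.
set -euo pipefail

# Passphrase protecting the throwaway test CA key.
readonly CA_PASS='secret'

# Remove private keys on every exit path, including an abort part-way through,
# so key material never lingers next to the fixtures. The ./ prefix and --
# keep a file name starting with '-' from being read as an rm option.
cleanup_keys() {
  rm -f -- ./*-key.pem
}
trap cleanup_keys EXIT

if ! command -v tg >/dev/null 2>&1; then
  echo "generate-certs.sh: 'tg' not found on PATH" >&2
  exit 1
fi

# Options shared by every leaf certificate: sign with the test CA made below.
signing_args=(
  --signing-cert myca-cert.pem
  --signing-cert-key myca-key.pem
  --signing-cert-key-pass "${CA_PASS}"
)

echo "Generate CA"
tg cert --name myca --org acme --common-name root --is-ca --pass "${CA_PASS}" --force

# Negative fixture: carries only the $controller tag and omits $identity and
# $id, per the message below ("missing key tags").
echo "Generate Client-IP Cert With Aporeto extensions but missing key tags"
tg cert --name myclient-bad --org acme --common-name client-bad \
  --auth-client "${signing_args[@]}" \
  --tags "\$controller=10.10.10.10" \
  --ip 10.10.10.10 --force

echo "Generate Client-IP Cert"
tg cert --name myclient-ip --org acme --common-name client-ip \
  --auth-client "${signing_args[@]}" \
  --tags "\$identity=processingunit" --tags "\$id=some" --tags "\$controller=10.10.10.10" \
  --ip 10.10.10.10 --force

echo "Generate Client-DNS Cert"
tg cert --name myclient-dns --org acme --common-name client-dns \
  --auth-client "${signing_args[@]}" \
  --tags "\$identity=processingunit" --tags "\$id=some" --tags "\$controller=www.client.com" \
  --dns www.client.com --force

echo "Generate Server Cert"
tg cert --name myserver --org acme --common-name server \
  --auth-server "${signing_args[@]}" \
  --tags "\$identity=processingunit" --tags "\$id=some" --tags "\$controller=www.server.com" \
  --dns www.server.com --force

# Key removal happens in the EXIT trap (cleanup_keys).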