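#!/usr/bin/env bash
#
# gencerts.sh - regenerates the certs under
# internal/backend/remote-state/http/testdata/certs.
#
# Generates certs required for mTLS testing:
# - ca.key and ca.cert.pem are self-signed, used as the source of truth for
#   client and server to verify each other.
# - client.key and client.crt are the client's key and cert (signed by the ca
#   key and cert)
# - server.key and server.crt are the server's key and cert (signed by the ca
#   key and cert)
#
# Usage (run from the directory that should contain certs/):
#   [OPENSSL=/path/to/openssl] ./gencerts.sh
#
# Security notes - these are test fixtures only:
# - Every private key, ca.key included, is written unencrypted and left in
#   certs/. Whoever can read that directory can mint certificates that chain
#   to ca.cert.pem, so never add this CA to a real trust store and never reuse
#   these keys outside the tests.
# - Validity is 365000 days, presumably so the fixtures never expire under
#   the tests. That lifetime is unsuitable for anything else.
# - Only a subjectAltName is requested for the leaf certs. No extendedKeyUsage
#   is asked for, so this script does nothing to restrict server.crt to server
#   use or client.crt to client use.
# - NOTE(review): `req` is run without -subj, so with a default openssl.cnf it
#   asks for the subject fields on stdin - confirm before running unattended.

set -euo pipefail

# I was doing this on M1 mac and needed newer openssl to add the SAN IP;
# please export OPENSSL when invoking as needed
OPENSSL="${OPENSSL:-openssl}"

readonly VALID_DAYS=365000
readonly RSA_BITS=4096
readonly LEAF_SAN='subjectAltName = IP:127.0.0.1'

# Preflight: refuse to delete the existing fixtures unless the selected binary
# can regenerate them. Without this, a missing or too-old openssl fails only
# after `rm -rf certs` has already run.
if ! command -v "$OPENSSL" >/dev/null 2>&1; then
  printf 'gencerts.sh: cannot find openssl binary: %s\n' "$OPENSSL" >&2
  exit 1
fi

# `x509 -copy_extensions` carries the SAN from the CSR into the signed cert.
# The help text is captured first and matched afterwards, so an early-exiting
# grep cannot trip pipefail. `|| true` covers builds that reject -help.
x509_help="$("$OPENSSL" x509 -help 2>&1 || true)"
if [[ "$x509_help" != *-copy_extensions* ]]; then
  printf 'gencerts.sh: "%s x509" does not list -copy_extensions; ' "$OPENSSL" >&2
  printf 'OpenSSL 3.0 or newer is needed (export OPENSSL=/path/to/openssl)\n' >&2
  exit 1
fi

#######################################
# Create a key, a CSR carrying LEAF_SAN, and a certificate signed by the CA.
# Globals:   OPENSSL, RSA_BITS, VALID_DAYS, LEAF_SAN (read)
# Arguments: $1 - base name; writes $1.key, $1.csr and $1.crt in the cwd
# Returns:   non-zero (and aborts under set -e) if any openssl step fails
#######################################
issue_leaf() {
  local name=$1

  "$OPENSSL" genrsa -out "${name}.key" "$RSA_BITS"
  "$OPENSSL" req -new -key "${name}.key" -out "${name}.csr" -addext "$LEAF_SAN"
  # -CAcreateserial creates the CA serial file if it does not exist yet;
  # on the second leaf the file from the first signing is reused.
  "$OPENSSL" x509 -req -days "$VALID_DAYS" -in "${name}.csr" \
    -CA ca.cert.pem -CAkey ca.key -CAcreateserial \
    -out "${name}.crt" -copy_extensions copy
}

# Trace only the generation steps; no key material appears on a command line.
set -x

# Nuke and recreate the certs dir (relative to the current directory).
rm -rf certs
mkdir certs
cd certs || exit 1

# CA
"$OPENSSL" genrsa -out ca.key "$RSA_BITS"
"$OPENSSL" req -new -x509 -days "$VALID_DAYS" -key ca.key -out ca.cert.pem

# Server
issue_leaf server

# Client
issue_leaf client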