github.com/operator-framework/operator-lifecycle-manager@v0.30.0/pkg/lib/filemonitor/testdata/cert-config/gen-certs.sh (about) 1 #!/bin/bash 2 # Based off: 3 # https://kubernetes.io/docs/concepts/cluster-administration/certificates/ 4 # 5 # This scripts generates self-signed certificate keypairs, with the only 6 # difference being that the subjects are different (set in $CSR) to easily allow 7 # detecting which are in use. 8 9 function set_variables { 10 MASTER_IP="127.0.0.1" 11 CA_CRT=ca.crt 12 CA_KEY=ca.key 13 CSR=csr-$SUFFIX.conf 14 SERVER_CSR=server-$SUFFIX.csr 15 SERVER_CRT=server-$SUFFIX.crt 16 SERVER_KEY=server-$SUFFIX.key 17 } 18 19 function generate_ca { 20 openssl genrsa -out $CA_KEY 2048 21 openssl req -x509 -new -nodes -key $CA_KEY -subj "/CN=${MASTER_IP}" -days 10000 -out $CA_CRT 22 } 23 24 function generate_certs { 25 echo "Generating certs for $SUFFIX" 26 openssl genrsa -out "$SERVER_KEY" 2048 27 openssl req -new -key "$SERVER_KEY" -out "$SERVER_CSR" -config "$CSR" 28 openssl x509 -req -in "$SERVER_CSR" -CA $CA_CRT -CAkey "$CA_KEY" -CAcreateserial -out "$SERVER_CRT" -days 10000 -extensions v3_ext -extfile "$CSR" 29 #openssl x509 -noout -text -in "$SERVER_CRT" 30 echo "---" 31 } 32 33 34 SUFFIX=old 35 set_variables 36 generate_ca # do this only once 37 generate_certs 38 39 SUFFIX=new 40 set_variables 41 generate_certs