github.com/pingcap/br@v5.3.0-alpha.0.20220125034240-ec59c7b6ce30+incompatible/tests/_utils/generate_certs (about) 1 #!/bin/sh 2 # 3 # Copyright 2020 PingCAP, Inc. 4 # 5 # Licensed under the Apache License, Version 2.0 (the "License"); 6 # you may not use this file except in compliance with the License. 7 # You may obtain a copy of the License at 8 # 9 # http://www.apache.org/licenses/LICENSE-2.0 10 # 11 # Unless required by applicable law or agreed to in writing, software 12 # distributed under the License is distributed on an "AS IS" BASIS, 13 # See the License for the specific language governing permissions and 14 # limitations under the License. 15 16 set -eu 17 18 mkdir -p $TEST_DIR/certs 19 openssl ecparam -out "$TEST_DIR/certs/ca.key" -name prime256v1 -genkey 20 # CA's Common Name must not be the same as signed certificate. 21 openssl req -new -batch -sha256 -subj '/CN=br_tests' -key "$TEST_DIR/certs/ca.key" -out "$TEST_DIR/certs/ca.csr" 22 openssl x509 -req -sha256 -days 2 -in "$TEST_DIR/certs/ca.csr" -signkey "$TEST_DIR/certs/ca.key" -out "$TEST_DIR/certs/ca.pem" 23 for cluster in tidb pd tikv importer lightning tiflash curl ticdc br; do 24 openssl ecparam -out "$TEST_DIR/certs/$cluster.key" -name prime256v1 -genkey 25 openssl req -new -batch -sha256 -subj '/CN=localhost' -key "$TEST_DIR/certs/$cluster.key" -out "$TEST_DIR/certs/$cluster.csr" 26 openssl x509 -req -sha256 -days 1 -extensions EXT -extfile "tests/config/ipsan.cnf" \ 27 -in "$TEST_DIR/certs/$cluster.csr" \ 28 -CA "$TEST_DIR/certs/ca.pem" \ 29 -CAkey "$TEST_DIR/certs/ca.key" \ 30 -CAcreateserial -out "$TEST_DIR/certs/$cluster.pem" 31 done