github.com/pingcap/tiflow@v0.0.0-20240520035814-5bf52d54e205/dm/tests/tls/conf/generate_tls.sh

github.com/pingcap/tiflow@v0.0.0-20240520035814-5bf52d54e205/dm/tests/tls/conf/generate_tls.sh (about)

     1  #!/bin/bash
     2  
     3  # this script used to generate tls file
     4  
     5  cat - >"ipsan.cnf" <<EOF
     6  [dn]
     7  CN = localhost
     8  [req]
     9  distinguished_name = dn
    10  [EXT]
    11  subjectAltName = @alt_names
    12  keyUsage = digitalSignature,keyEncipherment
    13  extendedKeyUsage = clientAuth,serverAuth
    14  [alt_names]
    15  DNS.1 = localhost
    16  IP.1 = 127.0.0.1
    17  EOF
    18  
    19  openssl ecparam -out "ca.key" -name prime256v1 -genkey
    20  openssl req -new -batch -sha256 -subj '/CN=localhost' -key "ca.key" -out "ca.csr"
    21  openssl x509 -req -sha256 -days 100000 -in "ca.csr" -signkey "ca.key" -out "ca.pem" 2>/dev/null
    22  
    23  for role in dm other; do
    24  	openssl ecparam -out "$role.key" -name prime256v1 -genkey
    25  	openssl req -new -batch -sha256 -subj "/CN=${role}" -key "$role.key" -out "$role.csr"
    26  	openssl x509 -req -sha256 -days 100000 -extensions EXT -extfile "ipsan.cnf" -in "$role.csr" -CA "ca.pem" -CAkey "ca.key" -CAcreateserial -out "$role.pem" 2>/dev/null
    27  done