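#!/bin/bash
#
# Generate a throwaway CA plus per-role and client certificates with openssl.
#
# Usage: generate_cert WORKDIR [ROLE...]
#   parameter 1:      work directory (created if missing; all output lands here)
#   parameter 2, ...: certificate file prefixes; each ROLE yields ROLE.key,
#                     ROLE.csr and ROLE.pem, with ROLE also used as the CN
#
# Every private key (ca.key, ROLE.key, client.key) is written unencrypted,
# because genrsa is called without a cipher option. Keep WORKDIR somewhere
# only the intended user can read.
set -e

# Fail with a message instead of relying on `shift` or `mkdir` to abort
# silently when the work directory argument is missing or empty.
if [[ $# -lt 1 || -z "$1" ]]; then
  printf 'usage: %s WORKDIR [ROLE...]\n' "${0##*/}" >&2
  exit 1
fi

workdir=$1
shift

# Quoted and terminated with `--` so a path containing spaces, glob
# characters or a leading dash is taken literally.
mkdir -p -- "$workdir"
cd -- "$workdir"

# Extension section applied to the per-role certificates: SAN limited to
# localhost / 127.0.0.1, usable for both TLS client and server auth.
cat >"ipsan.cnf" <<'EOF'
[dn]
CN = localhost
[req]
distinguished_name = dn
[EXT]
subjectAltName = @alt_names
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = clientAuth,serverAuth
[alt_names]
DNS.1 = localhost
IP.1 = 127.0.0.1
EOF

# generate CA (self-signed, RSA 4096, valid 1000 days)
# stderr is discarded here and on the signing steps below, so a failure
# shows up only as a non-zero exit through `set -e`.
openssl genrsa -out ca.key 4096
openssl req -new -x509 -days 1000 -key ca.key -out ca.pem -subj "/CN=localhost" 2>/dev/null

# generate server certificate (one per role, RSA 2048, valid 365 days)
for role in "$@"; do
  openssl genrsa -out "$role.key" 2048
  openssl req -new -key "$role.key" -out "$role.csr" -subj "/CN=${role}"
  openssl x509 -req -days 365 -extensions EXT -extfile "ipsan.cnf" \
    -in "$role.csr" -CA "ca.pem" -CAkey "ca.key" -CAcreateserial \
    -out "$role.pem" 2>/dev/null
done

# generate client certificate
# No -extfile/-extensions is passed, so the EXT section above (SAN, key
# usage, extended key usage) is not applied to client.pem.
openssl genrsa -out client.key 2048
openssl req -new -key client.key -out client.csr -subj "/CN=client"
openssl x509 -req -days 365 -CA ca.pem -CAkey ca.key -CAcreateserial \
  -in client.csr -out client.pem 2>/dev/null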