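#!/bin/bash
# Generates the TLS fixtures used by the tests in this directory: a
# self-signed CA, two client certificates and one server certificate, all
# written to the current working directory.
#
# taken from
# https://github.com/dexidp/dex/blob/2d1ac74ec0ca12ae4d36072525d976c1a596820a/examples/k8s/gencert.sh#L22
#
# Outputs: ca-key.pem, ca.pem, client-key.pem, client-cert.pem,
#          client-key-2.pem, client-cert-2.pem, server-key.pem,
#          server-cert.pem
# Leaves behind: req.cnf, csr.pem (overwritten per certificate) and the
#          serial file created by -CAcreateserial.
#
# All private keys, including the CA key, are written unencrypted and every
# certificate is valid for 3650 days; these files are test data only.

# Stop at the first failing step so a failed key or CSR generation cannot
# leave a stale or partial set of fixtures that later steps sign anyway.
set -euo pipefail

#######################################
# Writes a 2048-bit RSA private key.
# Arguments: $1 - output path for the PEM-encoded key
# Returns:   exit status of openssl
#######################################
gen_key() {
  # The key is stored without a passphrase, so create it under a restrictive
  # umask; the subshell keeps the umask change local to this one command.
  (umask 077 && openssl genrsa -out "$1" 2048)
}

# Request config for the server certificate: a non-CA leaf whose
# subjectAltName covers localhost and 127.0.0.1. The delimiter is quoted so
# the body is written literally, with no shell expansion.
cat <<'EOF' >req.cnf
[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name

[req_distinguished_name]

[v3_req]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = localhost
IP.1 = 127.0.0.1
EOF

# Self-signed CA.
gen_key ca-key.pem
openssl req -x509 -new -nodes -key ca-key.pem -days 3650 -out ca.pem -subj "/CN=my-ca"

# First client certificate, signed by the CA (no extensions requested).
gen_key client-key.pem
openssl req -new -key client-key.pem -out csr.pem -subj "/CN=my-client"
openssl x509 -req -in csr.pem -CA ca.pem -CAkey ca-key.pem -CAcreateserial \
  -out client-cert.pem -days 3650

# Second client certificate; csr.pem is reused as scratch space.
gen_key client-key-2.pem
openssl req -new -key client-key-2.pem -out csr.pem -subj "/CN=my-client-2"
openssl x509 -req -in csr.pem -CA ca.pem -CAkey ca-key.pem -CAcreateserial \
  -out client-cert-2.pem -days 3650

# Server certificate. The v3_req section is passed both when building the
# CSR (-config) and again when signing (-extensions/-extfile), so the SAN
# entries from req.cnf are applied to the issued certificate.
gen_key server-key.pem
openssl req -new -key server-key.pem -out csr.pem -subj "/CN=my-server" -config req.cnf
openssl x509 -req -in csr.pem -CA ca.pem -CAkey ca-key.pem -CAcreateserial \
  -out server-cert.pem -days 3650 -extensions v3_req -extfile req.cnf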