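#!/bin/bash
# Source: github.com/vmware/govmomi@v0.37.1/govc/test/host_cert_sign.sh
#
# Sign a host CSR with a throwaway local test CA.
#
# Usage: govc host.cert.csr | ./host_cert_sign.sh | govc host.cert.import
#
# Reads a CSR on stdin and writes the signed certificate to stdout. Progress
# messages go to stderr so they do not corrupt the piped certificate.
# On first run a CA key and a self-signed CA certificate (govc_ca.key,
# govc_ca.pem) are created next to this script and reused afterwards.
#
# The CA key is written unencrypted (genrsa is called without a cipher
# option) and stays in the test directory. Treat it as a test fixture only:
# anyone who can read govc_ca.key can mint certificates that chain to
# govc_ca.pem, so do not add that CA to a trust store outside a disposable
# test environment.

# Options are set here rather than on the shebang line so they still apply
# when the script is started as `bash host_cert_sign.sh`.
set -euo pipefail

# Work next to the script so the CA files are found on later runs.
pushd "$(dirname "$0")" >/dev/null

# Validity period (about five years) for both the CA and the issued cert.
days=$((365 * 5))

if [ ! -e govc_ca.key ]; then
  echo "Generating CA private key..." 1>&2
  # Restrict the umask for this one command so the private key is never
  # created group- or world-readable, whatever the caller's umask is.
  (
    umask 077
    openssl genrsa -out govc_ca.key 2048
  )

  echo "Generating CA self signed certificate..." 1>&2
  openssl req -x509 -new -nodes -key govc_ca.key -out govc_ca.pem \
    -subj /C=US/ST=CA/L=SF/O=VMware/OU=Eng/CN=govc-ca -days "$days"
fi

echo "Signing CSR with the CA certificate..." 1>&2

# The hostd generated CSR includes:
#   Requested Extensions:
#       X509v3 Subject Alternative Name:
#       IP Address:$ip
# But seems it doesn't get copied by default, so we end up with:
#   x509: cannot validate certificate for $ip because it doesn't contain any IP SANs (x509.HostnameError)
# Using -extfile to add it to the signed cert.

ip=$(govc env -x GOVC_URL_HOST)

# Fail early with a clear message instead of handing openssl an empty
# "subjectAltName=IP:" entry.
# NOTE(review): the SAN is always written as IP:, so this presumably expects
# GOVC_URL to point at an IP literal rather than a DNS name; confirm.
if [ -z "$ip" ]; then
  echo "GOVC_URL_HOST is empty; set GOVC_URL before signing" 1>&2
  exit 1
fi

# No -in/-out: the CSR comes from stdin and the certificate goes to stdout.
openssl x509 -req -CA govc_ca.pem -CAkey govc_ca.key -CAcreateserial \
  -days "$days" -extfile <(printf 'subjectAltName=IP:%s\n' "$ip")

popd >/dev/null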