go.etcd.io/etcd@v3.3.27+incompatible/hack/scripts-dev/docker-dns/certs-common-name-multi/gencerts.sh (about) 1 #!/bin/bash 2 3 if ! [[ "$0" =~ "./gencerts.sh" ]]; then 4 echo "must be run from 'fixtures'" 5 exit 255 6 fi 7 8 if ! which cfssl; then 9 echo "cfssl is not installed" 10 exit 255 11 fi 12 13 cfssl gencert --initca=true ./ca-csr.json | cfssljson --bare ./ca 14 mv ca.pem ca.crt 15 openssl x509 -in ca.crt -noout -text 16 17 # generate wildcard certificates DNS: m1/m2/m3.etcd.local 18 cfssl gencert \ 19 --ca ./ca.crt \ 20 --ca-key ./ca-key.pem \ 21 --config ./gencert.json \ 22 ./server-ca-csr-1.json | cfssljson --bare ./server-1 23 mv server-1.pem server-1.crt 24 mv server-1-key.pem server-1.key.insecure 25 26 cfssl gencert \ 27 --ca ./ca.crt \ 28 --ca-key ./ca-key.pem \ 29 --config ./gencert.json \ 30 ./server-ca-csr-2.json | cfssljson --bare ./server-2 31 mv server-2.pem server-2.crt 32 mv server-2-key.pem server-2.key.insecure 33 34 cfssl gencert \ 35 --ca ./ca.crt \ 36 --ca-key ./ca-key.pem \ 37 --config ./gencert.json \ 38 ./server-ca-csr-3.json | cfssljson --bare ./server-3 39 mv server-3.pem server-3.crt 40 mv server-3-key.pem server-3.key.insecure 41 42 rm -f *.csr *.pem *.stderr *.txt