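#!/usr/bin/env bash
# Source: go.etcd.io/etcd@v3.3.27+incompatible/integration/fixtures-expired/gencerts.sh
#
# Generates a self-signed root CA and a server certificate with cfssl and
# writes them next to this script as:
#   etcd-root-ca.pem / etcd-root-ca-key.pem   (root CA cert and private key)
#   server.pem       / server-key.pem         (leaf cert and private key)
#
# Both the CA and the signing profile use an expiry of "1h".
# NOTE(review): given the directory name 'fixtures-expired', this is presumably
# deliberate so the stored fixtures are expired when tests run; confirm
# against the tests that consume them.
#
# The private keys produced here are test material only and must never be
# trusted or reused outside the test suite.
#
# Usage: cd fixtures-expired && ./gencerts.sh
# Exit status: 255 if run from the wrong place or a required tool is missing.

# pipefail makes a failing 'cfssl gencert' abort the script instead of being
# hidden behind the exit status of 'cfssljson' at the end of the pipe.
set -euo pipefail

# The cleanup step below removes every *.json and *.csr in the current
# directory, so refuse to run unless invoked as ./gencerts.sh. This is a
# substring check on $0 (same semantics as the quoted =~ it replaces), so it
# is a guard against accidents, not a strict path validation.
if [[ "$0" != *"./gencerts.sh"* ]]; then
  echo "must be run from 'fixtures-expired'" >&2
  exit 255
fi

# 'command -v' is the portable builtin replacement for 'which'.
if command -v cfssl >/dev/null; then
  echo "cfssl is installed; generating certs"
else
  echo "cfssl is not installed; exiting" >&2
  exit 255
fi

# cfssljson is the second half of both pipelines; check it up front so a
# missing tool is reported clearly rather than as a mid-run pipe failure.
if ! command -v cfssljson >/dev/null; then
  echo "cfssljson is not installed; exiting" >&2
  exit 255
fi

# Root CA signing request. The delimiter is quoted because the JSON contains
# nothing that should be expanded by the shell.
cat > ./etcd-root-ca-csr.json <<'EOF'
{
  "key": {
    "algo": "rsa",
    "size": 4096
  },
  "names": [
    {
      "O": "etcd",
      "OU": "etcd Security",
      "L": "San Francisco",
      "ST": "California",
      "C": "USA"
    }
  ],
  "CN": "etcd-root-ca",
  "ca": {
    "expiry": "1h"
  }
}
EOF

cfssl gencert --initca=true ./etcd-root-ca-csr.json \
  | cfssljson --bare ./etcd-root-ca

# Signing profile applied to the leaf certificate: valid for both server and
# client authentication, with the same 1h lifetime as the CA.
cat > ./etcd-gencert.json <<'EOF'
{
  "signing": {
    "default": {
      "usages": [
        "signing",
        "key encipherment",
        "server auth",
        "client auth"
      ],
      "expiry": "1h"
    }
  }
}
EOF

# Leaf certificate request; the SANs are limited to loopback names.
cat > ./server-ca-csr.json <<'EOF'
{
  "key": {
    "algo": "rsa",
    "size": 4096
  },
  "names": [
    {
      "O": "etcd",
      "OU": "etcd Security",
      "L": "San Francisco",
      "ST": "California",
      "C": "USA"
    }
  ],
  "CN": "example.com",
  "hosts": [
    "127.0.0.1",
    "localhost"
  ]
}
EOF

cfssl gencert \
  --ca ./etcd-root-ca.pem \
  --ca-key ./etcd-root-ca-key.pem \
  --config ./etcd-gencert.json \
  ./server-ca-csr.json \
  | cfssljson --bare ./server

# Remove the intermediate request/config files; only the .pem files remain.
rm ./*.json
rm ./*.csr

# Optional: dump the generated certificates for a visual check of subject,
# SANs, key usages and validity window.
if command -v openssl >/dev/null; then
  openssl x509 -in ./etcd-root-ca.pem -text -noout
  openssl x509 -in ./server.pem -text -noout
fi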