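#!/bin/bash
#
# integration/fixtures/gencerts.sh (go.etcd.io/etcd@v3.3.27+incompatible)
#
# Regenerates the TLS fixtures in this directory: a CA, several server
# certificates signed by it, and a CRL that lists one of them as revoked.
#
# Usage: ./gencerts.sh        (run from inside the 'fixtures' directory)
#
# Security notes:
#   - Private keys are written unencrypted and renamed to '*.key.insecure';
#     the suffix suggests they are meant only as test fixtures. Confirm
#     nothing outside tests trusts this CA or these keys.
#   - The final cleanup removes every *.pem in this directory, which includes
#     ca-key.pem, so the CA private key does not remain after the run.

# Stop at the first failed step (including a failed left-hand side of a
# pipeline) so a broken cfssl call cannot leave stale or empty fixtures behind.
set -euo pipefail

# Require the exact invocation path. The previous substring match also accepted
# paths such as '../gencerts.sh', which would run the generation and the
# glob-based cleanup below in the wrong directory.
if [[ "$0" != "./gencerts.sh" ]]; then
  echo "must be run from 'fixtures'" >&2
  exit 255
fi

# Every external tool the script depends on must be present before any file
# is created or overwritten.
for tool in cfssl cfssljson openssl; do
  if ! command -v "$tool" >/dev/null 2>&1; then
    echo "$tool is not installed" >&2
    exit 255
  fi
done

# generate the self-signed CA and print it for inspection
cfssl gencert --initca=true ./ca-csr.json | cfssljson --bare ./ca
mv ca.pem ca.crt
openssl x509 -in ca.crt -noout -text

# generate DNS: localhost, IP: 127.0.0.1, CN: example.com certificates
cfssl gencert \
  --ca ./ca.crt \
  --ca-key ./ca-key.pem \
  --config ./gencert.json \
  ./server-ca-csr.json | cfssljson --bare ./server
mv server.pem server.crt
mv server-key.pem server.key.insecure

# generate IPv6: [::1], CN: example.com certificates
cfssl gencert \
  --ca ./ca.crt \
  --ca-key ./ca-key.pem \
  --config ./gencert.json \
  ./server-ca-csr-ipv6.json | cfssljson --bare ./server-ip
mv server-ip.pem server-ipv6.crt
mv server-ip-key.pem server-ipv6.key.insecure

# generate DNS: localhost, IP: 127.0.0.1, CN: example2.com certificates
cfssl gencert \
  --ca ./ca.crt \
  --ca-key ./ca-key.pem \
  --config ./gencert.json \
  ./server-ca-csr2.json | cfssljson --bare ./server2
mv server2.pem server2.crt
mv server2-key.pem server2.key.insecure

# generate revoked certificates and crl
# cfssl's log output goes to revoked.stderr because the serial number of the
# new certificate is read back from it; replay it if the step fails so the
# error is not hidden by the redirect.
if ! cfssl gencert --ca ./ca.crt \
  --ca-key ./ca-key.pem \
  --config ./gencert.json \
  ./server-ca-csr.json 2>revoked.stderr | cfssljson --bare ./server-revoked; then
  cat revoked.stderr >&2
  exit 1
fi
mv server-revoked.pem server-revoked.crt
mv server-revoked-key.pem server-revoked.key.insecure

# The serial is taken from the 9th whitespace-separated field of the log line
# containing 'serial'; this depends on cfssl's log format, so verify it after
# upgrading cfssl.
awk '/serial/ { print $9 }' revoked.stderr >revoke.txt

# An empty serial list would produce a CRL that revokes nothing, and
# server-revoked.crt would then pass revocation checks.
if [[ ! -s revoke.txt ]]; then
  echo "could not extract the revoked certificate serial from revoked.stderr" >&2
  exit 1
fi
cfssl gencrl revoke.txt ca.crt ca-key.pem | base64 --decode >revoke.crl

# generate wildcard certificates DNS: *.etcd.local
cfssl gencert \
  --ca ./ca.crt \
  --ca-key ./ca-key.pem \
  --config ./gencert.json \
  ./server-ca-csr-wildcard.json | cfssljson --bare ./server-wildcard
mv server-wildcard.pem server-wildcard.crt
mv server-wildcard-key.pem server-wildcard.key.insecure

# Remove intermediates, including the CA private key (ca-key.pem). The './'
# prefix and '--' keep a file name beginning with '-' from being parsed as an
# rm option. Note the globs match every *.txt / *.pem in this directory, not
# only the files created above.
rm -f -- ./*.csr ./*.pem ./*.stderr ./*.txt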