go.etcd.io/etcd@v3.3.27+incompatible/integration/fixtures/gencerts.sh (about)

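#!/bin/bash
#
# Regenerates the TLS fixtures in this directory with cfssl: a CA, several
# server certificates signed by that CA, and a CRL revoking one of them.
#
# Usage: ./gencerts.sh   (invoked from inside the 'fixtures' directory)
#
# NOTE(security): every private key is written unencrypted and renamed to
# '*.key.insecure'. Presumably these are test-only fixtures; they must not be
# used to protect a real endpoint. The CA private key (ca-key.pem) is removed
# by the cleanup step, so it does not stay on disk after the run.

# Stop at the first failing step. Without this, a failed cfssl call would be
# followed by 'mv' and 'rm' running against missing or stale files.
set -euo pipefail

# All paths below are relative and the cleanup globs are broad, so refuse to
# run from anywhere else. Same substring match on $0 as the original regex test.
if [[ "$0" != *"./gencerts.sh"* ]]; then
  echo "must be run from 'fixtures'" >&2
  exit 255
fi

# Both halves of every 'cfssl ... | cfssljson' pipeline are required.
for tool in cfssl cfssljson; do
  if ! command -v "${tool}" >/dev/null; then
    echo "${tool} is not installed" >&2
    exit 255
  fi
done

#######################################
# Removes intermediate artifacts, including the CA private key.
# This deletes every *.csr, *.pem, *.stderr and *.txt in the current
# directory, not only the files created by this run.
#######################################
cleanup() {
  rm -f ./*.csr ./*.pem ./*.stderr ./*.txt
}
# Installed only after the directory check so nothing is deleted elsewhere;
# running it on every exit path keeps ca-key.pem from surviving a failed run.
trap cleanup EXIT

#######################################
# Signs one server certificate with the fixture CA and renames the outputs.
# Arguments:
#   $1 - CSR JSON file passed to 'cfssl gencert'
#   $2 - prefix given to 'cfssljson --bare' (intermediate file names)
#   $3 - final base name: produces $3.crt and $3.key.insecure
#######################################
issue_cert() {
  local csr_json=$1
  local bare_prefix=$2
  local out_name=$3

  cfssl gencert \
    --ca ./ca.crt \
    --ca-key ./ca-key.pem \
    --config ./gencert.json \
    "${csr_json}" | cfssljson --bare "./${bare_prefix}"
  mv -- "${bare_prefix}.pem" "${out_name}.crt"
  mv -- "${bare_prefix}-key.pem" "${out_name}.key.insecure"
}

# self-signed CA
cfssl gencert --initca=true ./ca-csr.json | cfssljson --bare ./ca
mv -- ca.pem ca.crt
# Display only, so a missing or failing openssl does not abort generation.
openssl x509 -in ca.crt -noout -text ||
  echo "warning: could not display ca.crt with openssl" >&2

# generate DNS: localhost, IP: 127.0.0.1, CN: example.com certificates
issue_cert ./server-ca-csr.json server server

# generate IPv6: [::1], CN: example.com certificates
issue_cert ./server-ca-csr-ipv6.json server-ip server-ipv6

# generate DNS: localhost, IP: 127.0.0.1, CN: example2.com certificates
issue_cert ./server-ca-csr2.json server2 server2

# generate revoked certificates and crl
# cfssl's log output is captured because the serial of the new certificate is
# read from it below; replay it on failure so the error is not swallowed.
if ! cfssl gencert \
  --ca ./ca.crt \
  --ca-key ./ca-key.pem \
  --config ./gencert.json \
  ./server-ca-csr.json 2>revoked.stderr | cfssljson --bare ./server-revoked; then
  cat revoked.stderr >&2
  exit 255
fi
mv -- server-revoked.pem server-revoked.crt
mv -- server-revoked-key.pem server-revoked.key.insecure

# Field 9 of the log line containing 'serial' is taken as the serial number.
# NOTE(review): this depends on cfssl's log format; confirm when upgrading cfssl.
awk '/serial/ && $9 != "" { print $9 }' revoked.stderr >revoke.txt
# An empty list would yield a CRL that revokes nothing, and the revocation
# fixtures would then silently stop exercising the rejection path.
if ! [[ -s revoke.txt ]]; then
  echo "could not find the certificate serial in cfssl's log output" >&2
  exit 255
fi
cfssl gencrl revoke.txt ca.crt ca-key.pem | base64 --decode >revoke.crl

# generate wildcard certificates DNS: *.etcd.local
issue_cert ./server-ca-csr-wildcard.json server-wildcard server-wildcard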