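#!/bin/bash
#
# generate.sh: regenerate the self-signed CA and the SPIFFE client/server
# certificates used as test fixtures in this directory.
#
# Run from the directory that contains spiffe-openssl.cnf: every path below is
# relative to the current working directory.
#
# All private keys are written unencrypted (-nodes / -nocrypt). That is only
# acceptable because these are test fixtures; do not reuse the keys or this
# procedure for anything that must stay secret.

# Stop at the first failing openssl step so a partial failure cannot leave a
# mix of fresh and stale key/cert files behind, or reach the cleanup below.
set -euo pipefail

# Generate the self-signed test CA (key + certificate in one step).
# NOTE(review): the CA is valid for 365 days while the leaf certificates below
# are issued for 3650 days. Chain validation that checks the CA's validity
# period will start rejecting the leaves once the CA expires; confirm whether
# the tests rely on this and regenerate as needed.
openssl req -x509 -newkey rsa:4096 -keyout ca.key -out ca.pem -days 365 -nodes \
  -subj "/C=US/ST=VA/O=Internet Widgits Pty Ltd/CN=foo.bar.hoo.ca.com"

# The SPIFFE-related extensions are defined in spiffe-openssl.cnf. Both
# client_spiffe.pem and server_spiffe.pem are produced the same way as the
# original client.pem and server.pem, except that this config is used and the
# subject is passed explicitly with -subj.

# Client: RSA key -> unencrypted PKCS#8 key -> CSR -> certificate signed by the CA.
openssl genrsa -out client.key.rsa 2048
openssl pkcs8 -topk8 -in client.key.rsa -out client.key -nocrypt
openssl req -new -key client.key -out spiffe-cert.csr \
  -subj "/C=US/ST=CA/L=SVL/O=gRPC/CN=testclient/" \
  -config spiffe-openssl.cnf -reqexts spiffe_client_e2e
openssl x509 -req -CA ca.pem -CAkey ca.key -CAcreateserial \
  -in spiffe-cert.csr -out client_spiffe.pem -extensions spiffe_client_e2e \
  -extfile spiffe-openssl.cnf -days 3650 -sha256

# Server: same steps with the server subject and the server extension section.
# The CSR file name is reused; the client CSR is no longer needed at this point.
openssl genrsa -out server.key.rsa 2048
openssl pkcs8 -topk8 -in server.key.rsa -out server.key -nocrypt
openssl req -new -key server.key -out spiffe-cert.csr \
  -subj "/C=US/ST=CA/L=SVL/O=gRPC/CN=*.test.google.com/" \
  -config spiffe-openssl.cnf -reqexts spiffe_server_e2e
openssl x509 -req -CA ca.pem -CAkey ca.key -CAcreateserial \
  -in spiffe-cert.csr -out server_spiffe.pem -extensions spiffe_server_e2e \
  -extfile spiffe-openssl.cnf -days 3650 -sha256

# Remove intermediates (raw RSA keys, CSRs, CA serial files). The "./" prefix
# and "--" keep a file name that starts with "-" from being parsed as an rm
# option; -f keeps a pattern with no match from failing the script under set -e.
rm -f -- ./*.rsa
rm -f -- ./*.csr
rm -f -- ./*.srl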