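#!/bin/sh

# Copyright Istio Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Regenerates the ECC test certificates in this directory
# (security/pkg/pki/testdata/multilevelpki).
#
# There are 3 entities: root CA, intermediate CA and intermediate CA2.
# The root signs the intermediate CA and the intermediate CA signs
# intermediate CA2, so the three certificates form one certification chain.
#
# Inputs (read from the current working directory):
#   ecc-root-key.pem, ecc-int-key.pem, ecc-int2-key.pem, int-cert.cfg,
#   int2-cert.cfg
# Outputs:
#   ecc-root-cert.pem, ecc-int-cert.pem, ecc-int2-cert.pem,
#   ecc-int-cert-chain.pem, ecc-int2-cert-chain.pem
#
# The key-generation commands are left commented out, so the script re-signs
# with whatever *-key.pem files are already present. These are test fixtures:
# the private keys sit next to the certificates and must never be trusted
# outside of tests.

# Stop at the first failing step. Without this, a failed openssl call would
# still let the later steps run and assemble chain files from stale or
# mismatched certificates left over from a previous run.
set -eu

# Root CA
#openssl ecparam -genkey -name prime256v1 -out ecc-root-key.pem -noout
# The here-document answers the interactive subject prompts of `openssl req`;
# the two trailing blank lines leave the last two prompts empty.
openssl req -new -key ecc-root-key.pem -out ecc-root-cert.csr -sha256 <<EOF
US
California
Sunnyvale
Istio
Test
Root CA
test@istio.io


EOF
# Self-signed root. NOTE(review): no -extfile/-extensions is passed here, so
# this command does not itself request CA basicConstraints for the root;
# confirm that the tests consuming it do not depend on them.
openssl x509 -req -days 3650 -in ecc-root-cert.csr -sha256 \
  -signkey ecc-root-key.pem -out ecc-root-cert.pem

# Intermediate CA (issued by the root)
#openssl ecparam -genkey -name prime256v1 -out ecc-int-key.pem -noout
openssl req -new -key ecc-int-key.pem -out ecc-int-cert.csr \
  -config int-cert.cfg -batch -sha256

# Extensions come from the v3_req section of int-cert.cfg (not shown here;
# presumably it marks the certificate as a CA -- verify in the cfg file).
openssl x509 -req -days 3650 -in ecc-int-cert.csr -sha256 \
  -CA ecc-root-cert.pem -CAkey ecc-root-key.pem -CAcreateserial \
  -out ecc-int-cert.pem -extensions v3_req -extfile int-cert.cfg

# Intermediate CA2 (issued by the intermediate CA)
#openssl ecparam -genkey -name prime256v1 -out ecc-int2-key.pem -noout
openssl req -new -key ecc-int2-key.pem -out ecc-int2-cert.csr \
  -config int2-cert.cfg -batch -sha256

openssl x509 -req -days 3650 -in ecc-int2-cert.csr -sha256 \
  -CA ecc-int-cert.pem -CAkey ecc-int-key.pem -CAcreateserial \
  -out ecc-int2-cert.pem -extensions v3_req -extfile int2-cert.cfg

# Chain files are written root first, then each intermediate in issuing order.
cat ecc-root-cert.pem ecc-int-cert.pem > ecc-int-cert-chain.pem
cat ecc-int-cert-chain.pem ecc-int2-cert.pem > ecc-int2-cert-chain.pem

# Remove the signing requests and the serial files left by -CAcreateserial.
rm ./*csr
rm ./*srl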