istio.io/istio@v0.0.0-20240520182934-d79c90f27776/security/samples/plugin_ca_certs/gen_certs.sh (about) 1 #!/bin/sh 2 3 # Copyright Istio Authors 4 # 5 # Licensed under the Apache License, Version 2.0 (the "License"); 6 # you may not use this file except in compliance with the License. 7 # You may obtain a copy of the License at 8 # 9 # http://www.apache.org/licenses/LICENSE-2.0 10 # 11 # Unless required by applicable law or agreed to in writing, software 12 # distributed under the License is distributed on an "AS IS" BASIS, 13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 # See the License for the specific language governing permissions and 15 # limitations under the License. 16 17 echo 'Generate key and cert for root CA.' 18 openssl req -newkey rsa:2048 -nodes -keyout root-key.pem -x509 -days 36500 -out root-cert.pem <<EOF 19 US 20 California 21 Sunnyvale 22 Istio 23 Test 24 Root CA 25 testrootca@istio.io 26 27 28 EOF 29 30 echo 'Generate private key for Istio CA.' 31 openssl genrsa -out ca-key.pem 2048 32 33 echo 'Generate CSR for Istio CA.' 34 openssl req -new -key ca-key.pem -out ca-cert.csr -config ca.cfg -batch -sha256 35 36 echo 'Sign the cert for Istio CA.' 37 openssl x509 -req -days 36500 -in ca-cert.csr -sha256 -CA root-cert.pem -CAkey root-key.pem -CAcreateserial -out ca-cert.pem -extensions v3_req -extfile ca.cfg 38 39 rm ./*csr 40 rm ./*srl 41 42 echo 'Generate cert chain file.' 43 cp ca-cert.pem cert-chain.pem 44 45 mv ./*.pem ../../../samples/certs/