istio.io/istio@v0.0.0-20240520182934-d79c90f27776/security/samples/plugin_ca_certs/gen_certs.sh

istio.io/istio@v0.0.0-20240520182934-d79c90f27776/security/samples/plugin_ca_certs/gen_certs.sh (about)

     1  #!/bin/sh
     2  
     3  # Copyright Istio Authors
     4  #
     5  # Licensed under the Apache License, Version 2.0 (the "License");
     6  # you may not use this file except in compliance with the License.
     7  # You may obtain a copy of the License at
     8  #
     9  #    http://www.apache.org/licenses/LICENSE-2.0
    10  #
    11  # Unless required by applicable law or agreed to in writing, software
    12  # distributed under the License is distributed on an "AS IS" BASIS,
    13  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    14  # See the License for the specific language governing permissions and
    15  # limitations under the License.
    16  
    17  echo 'Generate key and cert for root CA.'
    18  openssl req -newkey rsa:2048 -nodes -keyout root-key.pem -x509 -days 36500 -out root-cert.pem <<EOF
    19  US
    20  California
    21  Sunnyvale
    22  Istio
    23  Test
    24  Root CA
    25  testrootca@istio.io
    26  
    27  
    28  EOF
    29  
    30  echo 'Generate private key for Istio CA.'
    31  openssl genrsa -out ca-key.pem 2048
    32  
    33  echo 'Generate CSR for Istio CA.'
    34  openssl req -new -key ca-key.pem -out ca-cert.csr -config ca.cfg -batch -sha256
    35  
    36  echo 'Sign the cert for Istio CA.'
    37  openssl x509 -req -days 36500 -in ca-cert.csr -sha256 -CA root-cert.pem -CAkey root-key.pem -CAcreateserial -out ca-cert.pem -extensions v3_req -extfile ca.cfg
    38  
    39  rm ./*csr
    40  rm ./*srl
    41  
    42  echo 'Generate cert chain file.'
    43  cp ca-cert.pem cert-chain.pem
    44  
    45  mv ./*.pem ../../../samples/certs/