Showing
4 changed files
with
88 additions
and
62 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
#!/bin/bash | ||
|
||
# Define variables | ||
CA_KEY="ca-key.pem" | ||
CA_CERT="ca-cert.pem" | ||
|
||
# Generate CA key and certificate | ||
openssl genrsa -out $CA_KEY 4096 | ||
openssl req -new -x509 -key $CA_KEY -sha256 -out $CA_CERT -days 365 -subj "/CN=MyCA" |
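Review bot: The CA certificate on the last line gets `-days 365`, the same lifetime the client and server scripts give the leaf certificates they sign with it, so any leaf issued after the CA's first day nominally outlives its issuer and stops validating when the CA expires. A longer CA lifetime (for example `-days 3650`) with shorter-lived leaves avoids that cliff. Separately, `openssl genrsa -out $CA_KEY 4096` runs unconditionally and writes the key without a passphrase, so a re-run silently replaces the CA and invalidates everything issued from it. Consider an existence guard such as `[[ -e "$CA_KEY" ]] && exit 1`, plus `umask 077` before the key is written and `-aes256` on `genrsa` unless the key is moved offline after issuance.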
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
#!/bin/bash | ||
|
||
# Define variables | ||
CA_KEY="ca-key.pem" | ||
CA_CERT="ca-cert.pem" | ||
|
||
|
||
CLIENTS=( | ||
martinb | ||
) | ||
|
||
for CLIENT in "${CLIENTS[@]}"; do | ||
echo "Generating certificates for client $CLIENT" | ||
rm -rf clients/$CLIENT | ||
mkdir -p clients/$CLIENT | ||
|
||
CLIENT_KEY="clients/$CLIENT/key.pem" | ||
CLIENT_CERT="clients/$CLIENT/cert.pem" | ||
CLIENT_CSR="clients/$CLIENT/client-csr.pem" | ||
CLIENT_EXT="clients/$CLIENT/client-ext.cnf" | ||
|
||
cp $CA_CERT clients/$CLIENT/ca.pem | ||
|
||
# Create client config file for SAN | ||
cat > $CLIENT_EXT <<- "EOF" | ||
[req] | ||
distinguished_name = req_distinguished_name | ||
req_extensions = v3_req | ||
[req_distinguished_name] | ||
[ v3_req ] | ||
basicConstraints = CA:FALSE | ||
keyUsage = nonRepudiation, digitalSignature, keyEncipherment | ||
subjectAltName = @alt_names | ||
[alt_names] | ||
DNS.1 = localhost | ||
EOF | ||
|
||
|
||
# Generate client key and CSR | ||
openssl genrsa -out $CLIENT_KEY 4096 | ||
openssl req -new -key $CLIENT_KEY -out $CLIENT_CSR -subj "/CN=$CLIENT" -config $CLIENT_EXT | ||
|
||
# Sign the client CSR with the CA certificate to get the client certificate | ||
openssl x509 -req -in $CLIENT_CSR -CA $CA_CERT -CAkey $CA_KEY -CAcreateserial -out $CLIENT_CERT -days 365 -extensions v3_req -extfile $CLIENT_EXT | ||
|
||
echo "Certificates with SANs generated successfully for $CLIENT." | ||
done |
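Review bot: The `[ v3_req ]` section written to `$CLIENT_EXT` has no `extendedKeyUsage`, and its SAN is `DNS.1 = localhost`, so each client certificate would also be accepted as a TLS server certificate for localhost by anything that trusts this CA. Add `extendedKeyUsage = clientAuth` there, and `extendedKeyUsage = serverAuth` in the server script's matching section, so the two roles cannot be swapped. `rm -rf clients/$CLIENT` is unquoted and unguarded; `rm -rf -- "clients/${CLIENT:?}"` fails closed if an entry in `CLIENTS` is ever empty. The client private keys are written unencrypted under `clients/`, so whatever hands `key.pem` to the user needs to be a protected channel.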
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
#!/bin/bash | ||
|
||
# Define variables | ||
CA_KEY="ca-key.pem" | ||
CA_CERT="ca-cert.pem" | ||
SERVER_KEY="server-key.pem" | ||
SERVER_CSR="server-csr.pem" | ||
SERVER_CERT="server-cert.pem" | ||
SERVER_EXT="server-ext.cnf" | ||
|
||
DOMAIN="profeed.docker.mgmt.swm.neuroforge.de" | ||
|
||
# Create server config file for SAN | ||
cat > $SERVER_EXT <<- EOF | ||
[req] | ||
distinguished_name = req_distinguished_name | ||
req_extensions = v3_req | ||
[req_distinguished_name] | ||
[ v3_req ] | ||
basicConstraints = CA:FALSE | ||
keyUsage = nonRepudiation, digitalSignature, keyEncipherment | ||
subjectAltName = @alt_names | ||
[alt_names] | ||
DNS.1 = $DOMAIN | ||
EOF | ||
|
||
# Generate server key and CSR | ||
openssl genrsa -out $SERVER_KEY 4096 | ||
openssl req -new -key $SERVER_KEY -out $SERVER_CSR -subj "/CN=$DOMAIN" -config $SERVER_EXT | ||
|
||
# Sign the server CSR with the CA certificate to get the server certificate | ||
openssl x509 -req -in $SERVER_CSR -CA $CA_CERT -CAkey $CA_KEY -CAcreateserial -out $SERVER_CERT -days 365 -extensions v3_req -extfile $SERVER_EXT |
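Review bot: There is no `set -euo pipefail` after the shebang, and unlike the client script this one does not clear its previous outputs. If `openssl req` fails, the final `openssl x509 -req` can sign a stale `server-csr.pem` left by an earlier run and produce a certificate that does not match the freshly generated `server-key.pem`. Adding `set -euo pipefail` as the first statement stops the run at the first failing step. The expansions should also be double-quoted, e.g. `openssl genrsa -out "$SERVER_KEY" 4096`, so a later change to a path with spaces does not split arguments.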
This file was deleted.