minor
s4ke committed Nov 13, 2023
1 parent 43c2f6b commit b00e9f0
Showing 4 changed files with 88 additions and 62 deletions.
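--- a/deploy/gen_ca.sh
+++ b/deploy/gen_ca.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+# Define variables
+CA_KEY="ca-key.pem"
+CA_CERT="ca-cert.pem"
+
+# Generate CA key and certificate
+openssl genrsa -out $CA_KEY 4096
+openssl req -new -x509 -key $CA_KEY -sha256 -out $CA_CERT -days 365 -subj "/CN=MyCA"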
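Review bot: Nothing stops this script after a failed step, so if `openssl genrsa` fails the `openssl req` line still runs against a missing or stale `ca-key.pem`; the `$CA_KEY` and `$CA_CERT` expansions are also unquoted. I would add `set -euo pipefail` after the shebang and quote the variables, and the same applies to deploy/gen_client_certs.sh and deploy/gen_server_cert.sh. Separately, a rerun overwrites the existing CA key without warning, which leaves every certificate already signed with it unverifiable against the new CA certificate. A guard such as `[[ -e "$CA_KEY" ]] && { echo "refusing to overwrite $CA_KEY" >&2; exit 1; }` before `openssl genrsa` would prevent that.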
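--- a/deploy/gen_client_certs.sh
+++ b/deploy/gen_client_certs.sh
@@ -0,0 +1,47 @@
+#!/bin/bash
+
+# Define variables
+CA_KEY="ca-key.pem"
+CA_CERT="ca-cert.pem"
+
+
+CLIENTS=(
+martinb
+)
+
+for CLIENT in "${CLIENTS[@]}"; do
+echo "Generating certificates for client $CLIENT"
+rm -rf clients/$CLIENT
+mkdir -p clients/$CLIENT
+
+CLIENT_KEY="clients/$CLIENT/key.pem"
+CLIENT_CERT="clients/$CLIENT/cert.pem"
+CLIENT_CSR="clients/$CLIENT/client-csr.pem"
+CLIENT_EXT="clients/$CLIENT/client-ext.cnf"
+
+cp $CA_CERT clients/$CLIENT/ca.pem
+
+# Create client config file for SAN
+cat > $CLIENT_EXT <<- "EOF"
+[req]
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+[req_distinguished_name]
+[ v3_req ]
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectAltName = @alt_names
+[alt_names]
+DNS.1 = localhost
+EOF
+
+
+# Generate client key and CSR
+openssl genrsa -out $CLIENT_KEY 4096
+openssl req -new -key $CLIENT_KEY -out $CLIENT_CSR -subj "/CN=$CLIENT" -config $CLIENT_EXT
+
+# Sign the client CSR with the CA certificate to get the client certificate
+openssl x509 -req -in $CLIENT_CSR -CA $CA_CERT -CAkey $CA_KEY -CAcreateserial -out $CLIENT_CERT -days 365 -extensions v3_req -extfile $CLIENT_EXT
+
+echo "Certificates with SANs generated successfully for $CLIENT."
+done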
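Review bot: The `[ v3_req ]` section sets `keyUsage` but no `extendedKeyUsage`, so the issued client certificates are not restricted to client authentication. With `DNS.1 = localhost` in the SAN they could also be accepted as a TLS server certificate for localhost by anything that trusts this CA. I would add `extendedKeyUsage = clientAuth` under `[ v3_req ]` and drop the `[alt_names]` entry unless a consumer needs it; deploy/gen_server_cert.sh has the same gap and should get `extendedKeyUsage = serverAuth`. Also, `rm -rf clients/$CLIENT` is unquoted, and an empty array entry would make it remove the whole `clients/` directory; `rm -rf -- "clients/${CLIENT:?}"` avoids that.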
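--- a/deploy/gen_server_cert.sh
+++ b/deploy/gen_server_cert.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+# Define variables
+CA_KEY="ca-key.pem"
+CA_CERT="ca-cert.pem"
+SERVER_KEY="server-key.pem"
+SERVER_CSR="server-csr.pem"
+SERVER_CERT="server-cert.pem"
+SERVER_EXT="server-ext.cnf"
+
+DOMAIN="profeed.docker.mgmt.swm.neuroforge.de"
+
+# Create server config file for SAN
+cat > $SERVER_EXT <<- EOF
+[req]
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+[req_distinguished_name]
+[ v3_req ]
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectAltName = @alt_names
+[alt_names]
+DNS.1 = $DOMAIN
+EOF
+
+# Generate server key and CSR
+openssl genrsa -out $SERVER_KEY 4096
+openssl req -new -key $SERVER_KEY -out $SERVER_CSR -subj "/CN=$DOMAIN" -config $SERVER_EXT
+
+# Sign the server CSR with the CA certificate to get the server certificate
+openssl x509 -req -in $SERVER_CSR -CA $CA_CERT -CAkey $CA_KEY -CAcreateserial -out $SERVER_CERT -days 365 -extensions v3_req -extfile $SERVER_EXT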
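Review bot: There is no header comment stating that the script expects `ca-key.pem` and `ca-cert.pem` from gen_ca.sh in the current directory, and the hostname can only be changed by editing `DOMAIN`. I would add a comment such as `# Requires ca-key.pem and ca-cert.pem (from gen_ca.sh) in the working directory; writes server-key.pem and server-cert.pem.` and allow an override with `DOMAIN="${1:-profeed.docker.mgmt.swm.neuroforge.de}"`. If the value becomes caller-supplied, check it against a hostname pattern before use, because the unquoted heredoc expands `$DOMAIN` straight into the OpenSSL config at `DNS.1 = $DOMAIN`.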
62 changes: 0 additions & 62 deletions deploy/generate_certs.sh

This file was deleted.
