#!/bin/bash
# Call this script with an email address (valid or not) and a file prefix;
# both arguments are required, like:
# ./makeClientCert.sh foo@foo.com <file-prefix>
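# Validate the two required positional arguments before anything touches disk.
#   $1 - e-mail address placed in each certificate subject (need not be valid)
#   $2 - file-name prefix for every key, request and certificate created below
# Diagnostics go to stderr so they do not mix with normal output.
if [[ -z "${1:-}" ]]; then
  echo "Need email as first argument" >&2
  exit 1
fi
if [[ -z "${2:-}" ]]; then
  echo "Need file prefix as second argument" >&2
  exit 1
fi
# The prefix is later expanded inside an `rm -f certs/<prefix>*` glob and used
# to build output paths, so refuse values that would resolve outside certs/.
case "$2" in
  /* | ../* | */../* | */.. | ..)
    echo "File prefix must not be absolute or contain '..'" >&2
    exit 1
    ;;
esac
# NOTE(review): EMAIL is interpolated verbatim into openssl -subj strings, where
# '/' separates subject components; a value containing '/' would add extra
# components to the issued subject. Only pass values you control.
EMAIL=$1
PREFIX=$2
# Subject components shared by every certificate issued by this script.
BASEDN="/C=CH/ST=Basel/O=info-age/OU=display01"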
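#######################################
# Create an RSA key, a CSR and a CA-signed certificate for one machine.
# Globals:
#   PREFIX  (read) - file-name prefix; also locates ${PREFIX}ca.pem / ca.key
#   BASEDN  (read) - subject components shared by all certificates
#   EMAIL   (read) - emailAddress placed in the subject
#   PRIVKEY (read) - passphrase of the CA private key
# Arguments:
#   $1 - machine name; becomes the subject CN and part of the file names
#   $2 - type; becomes the subject L component
# Outputs:
#   Writes <PREFIX><machine>.key, .req and .pem relative to the current
#   directory and echoes the file stem to stdout.
#######################################
mkcert() {
  # Locals keep these names from leaking into the caller's loop variables.
  local machine=$1
  local type=$2
  local certfile="${PREFIX}${machine}"
  echo "${certfile} ++++"
  # The private key is written without a passphrase; keep certs/ readable only
  # by the account that deploys these files.
  openssl genrsa -out "${certfile}.key" 2048
  # Sign the request with SHA-256 instead of SHA-1, which is no longer
  # considered collision resistant.
  openssl req -sha256 -key "${certfile}.key" -new -out "${certfile}.req" -subj "/L=${type}${BASEDN}/CN=${machine}/emailAddress=${EMAIL}"
  # Adding -addtrust clientAuth makes certificates Go can't read
  #openssl x509 -req -extfile <(printf "subjectAltName=DNS:${type}") -days 365 -in ${certfile}.req -CA ${PREFIX}ca.pem -CAkey ${PREFIX}ca.key -passin pass:$PRIVKEY -out ${certfile}.pem # -addtrust clientAuth
  # uuid: 7b721292-cc3d-4855-99e1-262444bce988 == type
  # The CA passphrase is handed to openssl through its environment
  # (-passin env:) rather than as "pass:..." on the command line, where it
  # would be visible in the process list while openssl runs.
  # NOTE(review): both invocations below write ${certfile}.pem, so when the
  # second one succeeds it replaces the certificate issued by the first.
  # Confirm whether the first, extension-less signing is still needed.
  PRIVKEY="$PRIVKEY" openssl x509 -req -days 365 -in "${certfile}.req" -CA "${PREFIX}ca.pem" -CAkey "${PREFIX}ca.key" -passin env:PRIVKEY -out "${certfile}.pem"
  PRIVKEY="$PRIVKEY" openssl x509 -extfile ../openssl.conf -extensions ssl_client -req -days 365 -in "${certfile}.req" -CA "${PREFIX}ca.pem" -CAkey "${PREFIX}ca.key" -passin env:PRIVKEY -out "${certfile}.pem"
}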
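# Driver: remove earlier output for this prefix, create the CA and the
# localhost certificate, then issue one certificate per machine.
# ${PREFIX:?} aborts instead of expanding to "certs/*" should PREFIX ever be
# empty; the glob stays outside the quotes so it still expands.
rm -f -- "certs/${PREFIX:?}"*
#mkdir certs
# Stop if certs/ is missing; otherwise every file below would be written into
# the caller's working directory.
cd certs || {
  echo "cannot cd to certs" >&2
  exit 1
}
# Seed the serial-number file used when signing with ${PREFIX}ca.pem.
echo "00" > "${PREFIX}ca.srl"
echo "make CA"
# NOTE(review): the CA key passphrase is hard-coded in this file, so anyone who
# can read the script can unlock ${PREFIX}ca.key. A PRIVKEY value already set
# in the environment now takes precedence; the literal remains only as the
# backward-compatible default and should be rotated out of source control.
PRIVKEY="${PRIVKEY:-info-age21654968473214dsD}"
# Pass the passphrase via the environment (-passout env:) so it does not
# appear in the process list as a command-line argument.
PRIVKEY="$PRIVKEY" openssl req -new -x509 -days 365 -keyout "${PREFIX}ca.key" -out "${PREFIX}ca.pem" -subj "${BASEDN}/CN=ca/emailAddress=juergen@info-age.net" -passout env:PRIVKEY
echo "make localhost cert for https access"
# Self-signed, 10-year certificate with an unencrypted key (-nodes).
openssl req -new -nodes -x509 -out "${PREFIX}localhost.pem" -keyout "${PREFIX}localhost.key" -days 3650 -subj "${BASEDN}/CN=localhost/emailAddress=${EMAIL}"
#echo "make client cert"
#openssl req -new -nodes -x509 -out ${PREFIX}client.pem -keyout ${PREFIX}client.key -days 3650 -subj "/C=CH/ST=Basel/L=Earth/O=FHNW/OU=HGK/OU=DIGMA/CN=www.fhnw.ch/emailAddress=${EMAIL}"
mkcert "master" "any"
mkcert "proxy" "proxy"
mkcert "controller01" "controller"
mkcert "controller02" "controller"
mkcert "memobase" "dataproxy"
# Client machines ba14nc21001 .. ba14nc21099, in ascending order.
for i in {1..99}; do
  printf -v machine 'ba14nc21%03d' "$i"
  mkcert "$machine" "client"
done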