*: regenerate "fixtures-expired"

Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
release-3.4
Gyuho Lee 2018-04-09 10:59:52 -07:00
parent 774f6652df
commit a60bb6104c
14 changed files with 177 additions and 280 deletions

View File

@ -37,9 +37,9 @@ var (
}
testTLSInfoExpired = transport.TLSInfo{
KeyFile: "../../integration/fixtures-expired/server-key.pem",
CertFile: "../../integration/fixtures-expired/server.pem",
TrustedCAFile: "../../integration/fixtures-expired/etcd-root-ca.pem",
KeyFile: "../../integration/fixtures-expired/server.key.insecure",
CertFile: "../../integration/fixtures-expired/server.crt",
TrustedCAFile: "../../integration/fixtures-expired/ca.crt",
ClientCertAuth: true,
}
)

View File

@ -84,9 +84,9 @@ var (
}
testTLSInfoExpired = transport.TLSInfo{
KeyFile: "./fixtures-expired/server-key.pem",
CertFile: "./fixtures-expired/server.pem",
TrustedCAFile: "./fixtures-expired/etcd-root-ca.pem",
KeyFile: "../../integration/fixtures-expired/server.key.insecure",
CertFile: "../../integration/fixtures-expired/server.crt",
TrustedCAFile: "../../integration/fixtures-expired/ca.crt",
ClientCertAuth: true,
}

View File

@ -0,0 +1,19 @@
{
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"O": "etcd",
"OU": "etcd Security",
"L": "San Francisco",
"ST": "California",
"C": "USA"
}
],
"CN": "ca",
"ca": {
"expiry": "87600h"
}
}

View File

@ -0,0 +1,23 @@
-----BEGIN CERTIFICATE-----
MIID0jCCArqgAwIBAgIUbY6SSy/rF2TQzWsH4GxG+h+Pvw8wDQYJKoZIhvcNAQEL
BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xODA0MDgxNzUzMDBaFw0yODA0MDUxNzUz
MDBaMG8xDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
ZWN1cml0eTELMAkGA1UEAxMCY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCqhEOeNSLK5CcfvZgHFHPJzRWeDc/fAQ3U2GSF1+KEslOA0mmHiL1paloS
CbuwzoY/EGPCudFxIwFwjl2BAxbMdaCAKCxPwMHfn/38I45GgJFODjcOP0AX9i3O
z2jsAGm02HNicmF24TuQgij8lvhhKjNsy2Lrb8/i6NmX8AKZl9smkRRd5HpUz9DD
HelH2CXYCjbGXdpCyjN2PwfGSoCsAV8NDwbe0CAg6+dZCQrbqt2PJE2uRBoLgp3p
AsVdPiFL1igOimgQRShGvMEVLkA7cmB3fALZy1WTGGj4h76HtEz8nywN7PmoWQJv
AZFM168XPQ35S9+1CROtWUoM7dlhAgMBAAGjZjBkMA4GA1UdDwEB/wQEAwIBBjAS
BgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBSLaEU8nqrYzNEcmi0oZKd1AAFK
gTAfBgNVHSMEGDAWgBSLaEU8nqrYzNEcmi0oZKd1AAFKgTANBgkqhkiG9w0BAQsF
AAOCAQEApPHGwdcMRWMk+RS1NVb3yCPdf2Tx8pPYAJpLY46OPenGnFt6+wJs6Nhq
bj9zmEEqyn1WLXtuel+X4E4BEofkTEAM+06UT7SGgEF7zMY+zQjfPqD52jLhS11I
hp3u/hDR5c8r6RmvuH1TiPK5twxmV1w6LRGQcGJtw1PdTVfgHM+1s7kQ+Ineo4kK
8m1JR44B3GHyw+o0jsf5NqnmQnW6aMACQXiX93fnelkPOsKez/oxiy/WK5dDMrzH
JgNonK+bZRpef15XK3EOhmHp8YrY0CEq4MFsxxmkMZT0OnvIMEi9SkPV1cFq2N7r
uTB9aMzzD/1u+3+IpHCrkb0QICj3YQ==
-----END CERTIFICATE-----

View File

@ -1,51 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIJKQIBAAKCAgEAn/3pG4N9sLWucz5yPVmAuPCuh5tvHs2wRWsBnrTM9qqIpCjR
7rNJzZSy3bAMxX+u1JXUK/Nt3lT87zrIkkC4En74avJSxt+cQlSs54sHFsRo/Idl
b/6b/dEeS4bko7xlymzX5WDSZJ9Aj69wNZx73TGsHiZDBnQziyE1lPPs38qYcJtc
kZKGgsTwJ0e1gvBE+k8KdhTSBX1jYPiycOpibajEERa6dMNZHIJRElJAQejgFDzE
VRLCZBddT0kwVx1ttqYCtYDGlqg2Th2J5n1GAddQLffz8/8ZOuJsCYYgA+8LY55f
x7H392msdTWnaLVW3VYE9j5lf69/pJlVThP46kjuwtX9hfEkoLRjXBF98TibnQXQ
E+LVUNv3ezR/W+lntJOxg7Pka+5OjG/S9Kgj/QOA4nAkoPeQ/NXosBX8d/Z8qHi3
f5YRtmT5NLwAgaSBg2lty8B20o9a63prwhEOmk++ENh8UmexUJ+Amy8lGyB/0fRC
2YFnC5sJJETjDjyrPrWJA8760Eq0TffRYYgcKyJJtioduyPncLxGY7CkT/tsh6oy
IY+RndKOfHdD67yqLZyuwdz/LsaxABELEbbFekE6mlQ/OclZzce5m8+bDZ4W3nRt
S/GygXhWNj6XxKyk8RQNB6p2a5gRIxEAadHuUJd0fFZht+xNlOEuB6n7CPkCAwEA
AQKCAgBILiZ/2jfXhG/64D5r/Tg8t6EV3wMn84ZGGzu03T7nPhK9dQkZVtvCGwcD
SwzIAY3frOT3GzEDMHaYe33HtdkVxyDOJxs/S9zUdB05rRh6pgvzeiZCe6zmuvSf
AHGgiTunMqnIe4EQEmTvLihCl6GuLl3HkF2GyOAEMexZkh7Y7C8QBpehuWhkEPOD
1S9HrpyADS7cDRKflW1Db5AZrzTO4mfqicV/Li7C1Ow8hs0kryqBFtVAyGDZBU18
mrlrZAR+dbEdL8boa2Vsopj3Wqc952TuCEKQXxOD5Gj3dwJ0o+EQhYASuPD1N0Ct
9JHdhIp2+vrsGURzcbr1iJPa0NnoKk1HHee5LI8PnjOIsy/KaNBM4PWvmP+sWbUC
Ej6JTiyZklHztRCq6EkXhUU2D1PplkqBtAM9DnubkuHvqrPa+BDEI1OZABxJHblA
FvSB5D8bLx7rFZD7H2UvDG+e/Y7STNSo178qY2X6e5GRxoaB+/m9XU/P0+nSA+U1
QtR00b95WSw6rn3hdgLXf5pxpmCoQqndkQzT8Xx/iY53s8Lr020c84tp6eMp4rsJ
t145eLi+RnJLGDnXeb0I5/sEJE9SUyR7L/AARB0ewgrTsr2Cy2zpDCDh2s6oWTcS
46XqU/yPcEf5NnPC7YLVjF8zWa6qO6VsBadntW6PmUbxQqehXQKCAQEAwdJGyX6w
F8WrUv3nxP1GOAB1z86/6HS/+2znmDAqlIFqMikIcUHsMfRMeBga/M+pvSRajmG3
MUWIoRZhgyDMMtdMGOqv8bAvaHqR7UlFymeU4m/kIRmJaU81167KKF0eFc4akf6G
bzIbkGkZVAlnLWGBaloYj6vz8NWw6gJkTT+vH+Cz9g0hJ+bnNHuttxLKkDW2Fc87
Mt8KFI14xK/tJiPktSCfVxjyVj16tn63lLQFKo5bOqsTUSxkFTPtIhGm2YGTk0Dv
/hM9x7GhMPnQ2o0lK6FhCHzAnQkoD5ld8KL5hV3iP7Jg0+H9c9c8e+gHum0n+vxo
WolOFsrd26ocEwKCAQEA01FbcKfz85qCP6336oVhr/Kl4TE2V+kWRbOpg48EVkJ+
uJrqLoA/OSCYjmmh7ly5fjTpE1Juvhbuo54MoGLxQ954H47Hux+0daoX9hAEcOK5
AiWINC7Gqi1rzQ3b9Vp2PxbiR6JcDqiy6UoK81uP6N6PgpUuu+EV74asP5SWGx/u
BhScd5QLjjtf77n0Zn5aoNSuHt3JOzjToMl4WCtaP+/t0edkBsfcU/grNs85B/wN
6A5uJR8T52wVWw5xQYbblU92JeDSgfQr1LD5VVOr8hQzVxDoOI8SL2dx68OEMw9v
hzVfHL79sKCLUAJHGqnBC+zLcVCbDctm7EVxgAmQQwKCAQEArO1Xit8lbZBHUzyG
VRNEWyLN+iKUxmmkAEciOn5+/xCYFzjU93fBrLAyqdOYAIenAcI1qWM1dxh61n6J
cd0JUzMUCgcaA6EWKzlwiS0ev3+7Lmx2NbH7D6JEf7LLW0f5V6sTub5FY2Bph2a9
2mSpUav1M1Y/I7BfbTi7J44Kv4FaVi69YYJFWryA/Cp8yyJQ6GmDk+HZB4JIFB5E
6festqK/o3r/r03qqVcg7UIRuPMEyPtKGgYYrgvVH7W8lPD61ITvjioZ9a5lKI4r
Ku84kEXuLAdH87Kah4Fr5L8JOXGu/nbNLdeQ3Hp9D6WxqTtT6dkKGryovl5S9bL6
TspvUQKCAQEAxAwJmlWnJMymo++BPolqHLMwI+DlOt/bMuVAkfYgHurn59qJAoUm
ophUEGN9wMczrBvoVG24ohBia1dY/X9tt/pwVU7AjCEY6cTZIAayKAyfeZdaapcu
5njnN0DxXQoFA/j2C2FcqJjoCzkPOcErnO7GE27WAaYMFMFLkl0GebnAuNFsbB/k
LJt3IM/TJzd4WxeVRruaUqAg7l2bkaj+vKyaZY+XpBbNmPV3Gg1cKsU0HaMtmrDf
ZWdH1MdsWU+E7lvfD7spcTkXZOafGwNaVWdaTh84YiiRxXriHMmyHzDl1nm0eNXU
RIZdWOgUEW+F0stn3wPaJg0bun2elBvLQwKCAQBcTaEhnVOJvBxMtM6G6N/rzBLb
yQNKPPmMfCK9+TXFMpfsfYqiST/63wRbYIQ0tjiyx+dXb7VawhovCT7AR5Ct+0zW
iCG9yUNhbFEXUWUbthdrt1Xr3IBw9NCfYHosTjyOHi0eAn1ORFlD6GNzv27zeQHR
nBJwR6/SJOLYNztJLIyQGrK8fBuqaVFf2zaxDwCiPtIRUudbLJPobEyGfszjpvAR
nIe1aqh/ONLjBgwkj/6uLI15IDexqoW5j6KyW+MlAqBmqLecOFnfM7ZKW6VHvZpZ
me+2Zgxulhq9iRyPHcYDhUzIktH6IF4hYITdLS4IbCezcp4LmHgbyDpxu3+J
-----END RSA PRIVATE KEY-----

View File

@ -1,34 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIF5jCCA86gAwIBAgIUIzbfeuRpE4/TdkmJEYNNOA2VoLgwDQYJKoZIhvcNAQEN
BQAweTEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
Y3VyaXR5MRUwEwYDVQQDEwxldGNkLXJvb3QtY2EwHhcNMTcwMTI2MTkxNTAwWhcN
MTcwMTI2MjAxNTAwWjB5MQwwCgYDVQQGEwNVU0ExEzARBgNVBAgTCkNhbGlmb3Ju
aWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xDTALBgNVBAoTBGV0Y2QxFjAUBgNV
BAsTDWV0Y2QgU2VjdXJpdHkxFTATBgNVBAMTDGV0Y2Qtcm9vdC1jYTCCAiIwDQYJ
KoZIhvcNAQEBBQADggIPADCCAgoCggIBAJ/96RuDfbC1rnM+cj1ZgLjwroebbx7N
sEVrAZ60zPaqiKQo0e6zSc2Ust2wDMV/rtSV1Cvzbd5U/O86yJJAuBJ++GryUsbf
nEJUrOeLBxbEaPyHZW/+m/3RHkuG5KO8Zcps1+Vg0mSfQI+vcDWce90xrB4mQwZ0
M4shNZTz7N/KmHCbXJGShoLE8CdHtYLwRPpPCnYU0gV9Y2D4snDqYm2oxBEWunTD
WRyCURJSQEHo4BQ8xFUSwmQXXU9JMFcdbbamArWAxpaoNk4dieZ9RgHXUC338/P/
GTribAmGIAPvC2OeX8ex9/dprHU1p2i1Vt1WBPY+ZX+vf6SZVU4T+OpI7sLV/YXx
JKC0Y1wRffE4m50F0BPi1VDb93s0f1vpZ7STsYOz5GvuToxv0vSoI/0DgOJwJKD3
kPzV6LAV/Hf2fKh4t3+WEbZk+TS8AIGkgYNpbcvAdtKPWut6a8IRDppPvhDYfFJn
sVCfgJsvJRsgf9H0QtmBZwubCSRE4w48qz61iQPO+tBKtE330WGIHCsiSbYqHbsj
53C8RmOwpE/7bIeqMiGPkZ3Sjnx3Q+u8qi2crsHc/y7GsQARCxG2xXpBOppUPznJ
Wc3HuZvPmw2eFt50bUvxsoF4VjY+l8SspPEUDQeqdmuYESMRAGnR7lCXdHxWYbfs
TZThLgep+wj5AgMBAAGjZjBkMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAG
AQH/AgECMB0GA1UdDgQWBBRnbPUmgSmUC3API24MQ5x/Xh08xzAfBgNVHSMEGDAW
gBRnbPUmgSmUC3API24MQ5x/Xh08xzANBgkqhkiG9w0BAQ0FAAOCAgEAFPoCwCcw
ecCkvFTxjJnMI9v+i0VlqgKH5Q8ZAxwsPI+bck5KdUbi7aWTwvlZxM/2WT0NsWGO
hKZhsJnOZsRaEmeKV5TD1Ua2urQSXWztjGDn/+6JR47FYIP57d3+w5wYuwwzy2ne
4oY4OIOmot9Wqgc1D5yOo9D81Udq6DOfb9DeXqa+UuQGoYu1hLQrgUQATxiYsu8T
FNoG7EQihNuIMlBhU/H1rCKtX4aeRXRRl7Rr/p/+AYqNUblnjwowvBGyYEfzO9ag
ixO+li3SbpD4SfZwX1T3SQukoOq2iSCnrWDdP9yvx04X8oPxhbAncjxASDfy4l2S
vhaks6L10qZkLjWNGA65UVDPgzAWTi/7XCZZ37bP2poLbg+/VbKVvN4PII81NB54
Ew9mkS9NwcjWQvjkhVPVGtk/fiYtkl5yrrWswJMW/fQJvipveMZbEW0jLVx28f7n
t+hvaKMy1QBr1HG3bVtty/izDVTsHJLbki07NRNkJM8M7zv960/rL8SK4J300Zm1
DjxeyipcX1IGnIeBzNT2ASu1cD40T+qwG7hYtSCpGAkBVq4ZnFSGb3yICv5TvUE4
WItEf4eaV/dK0f7yu02u+TS22LiFiWU1d1/wL8HX9n8utS2w3g/YXy8GNWahcjiM
AlehNnzoyVafYDVvMKNHBfJuaxa5qTQrctY=
-----END CERTIFICATE-----

View File

@ -0,0 +1,13 @@
{
"signing": {
"default": {
"usages": [
"signing",
"key encipherment",
"server auth",
"client auth"
],
"expiry": "1h"
}
}
}

View File

@ -1,91 +1,31 @@
#!/usr/bin/env bash
set -e
#!/bin/bash
if ! [[ "$0" =~ "./gencerts.sh" ]]; then
echo "must be run from 'fixtures-expired'"
exit 255
echo "must be run from 'fixtures'"
exit 255
fi
if which cfssl >/dev/null; then
echo "cfssl is installed; generating certs"
else
echo "cfssl is not installed; exiting"
exit 255
if ! which cfssl; then
echo "cfssl is not installed"
exit 255
fi
cat > ./etcd-root-ca-csr.json <<EOF
{
"key": {
"algo": "rsa",
"size": 4096
},
"names": [
{
"O": "etcd",
"OU": "etcd Security",
"L": "San Francisco",
"ST": "California",
"C": "USA"
}
],
"CN": "etcd-root-ca",
"ca": {
"expiry": "1h"
}
}
EOF
cfssl gencert --initca=true ./etcd-root-ca-csr.json | cfssljson --bare ./etcd-root-ca
cat > ./etcd-gencert.json <<EOF
{
"signing": {
"default": {
"usages": [
"signing",
"key encipherment",
"server auth",
"client auth"
],
"expiry": "1h"
}
}
}
EOF
cat > ./server-ca-csr.json <<EOF
{
"key": {
"algo": "rsa",
"size": 4096
},
"names": [
{
"O": "etcd",
"OU": "etcd Security",
"L": "San Francisco",
"ST": "California",
"C": "USA"
}
],
"CN": "example.com",
"hosts": [
"127.0.0.1",
"localhost"
]
}
EOF
cfssl gencert \
--ca ./etcd-root-ca.pem \
--ca-key ./etcd-root-ca-key.pem \
--config ./etcd-gencert.json \
./server-ca-csr.json | cfssljson --bare ./server
rm ./*.json
rm ./*.csr
cfssl gencert --initca=true ./ca-csr.json | cfssljson --bare ./ca
mv ca.pem ca.crt
if which openssl >/dev/null; then
openssl x509 -in ./etcd-root-ca.pem -text -noout
openssl x509 -in ./server.pem -text -noout
openssl x509 -in ca.crt -noout -text
fi
# generate DNS: localhost, IP: 127.0.0.1, CN: example.com certificates
cfssl gencert \
--ca ./ca.crt \
--ca-key ./ca-key.pem \
--config ./gencert.json \
./server-ca-csr.json | cfssljson --bare ./server
mv server.pem server.crt
mv server-key.pem server.key.insecure
if which openssl >/dev/null; then
openssl x509 -in ./server.crt -text -noout
fi
rm -f *.csr *.pem *.stderr *.txt

View File

@ -0,0 +1,20 @@
{
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"O": "etcd",
"OU": "etcd Security",
"L": "San Francisco",
"ST": "California",
"C": "USA"
}
],
"CN": "example.com",
"hosts": [
"127.0.0.1",
"localhost"
]
}

View File

@ -1,51 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIJKAIBAAKCAgEArjJG7BkDXGJ7IJeUbt9ilXZl/SqKVYnQQcbAVqKKsZOUTnWl
jYgslXIVDJAYUCZ2WNzXrHq6XOY4qbfNjDIdq28hlq+EydMOU9T/1WrFASbiJdrC
mFH1XUX9SImDw9qDit2S4bxW5gs+Q6cSRSGyHf+6/DD24NY2VP3qpjwaEByZGZ7K
769zRBhoI2sWslilztQKuiVdeTRNqMtCD/Qa4JIiwyzmYOwKEd+kitrsPwUQg/11
RNbUHZEy51GCzeZ467DcjnXiGHsAF6ZMznDvPY8GU71JYkBN1Tq8IQVe9yemqk6S
UXYoJJnebX3WMvCZ+XLKYWObANQpXxHsu6t68Hkcg5bDTTbg79JAS8co7wf1S3NA
3QudhrTf3anvdbtaZFukusQbVnH7qSp5LFTle+Vl7Megy0/juCBL9/xMSpWqUwUl
7evfrm/JkVmCoGm2+56uCyrVK9uRRraqp7J19RuNmhunOiURN610DjsisI1eqAHS
naDtMluwBc+HEaJWYzJN1JLvGA3ahOyOcv94FZ1msabq20txvp5oHLd7j9TaVGob
qSbDGLZGHrm5If/x2+1Dc9O55Om/82Q8r1Qxt+GqVX+TFed7AvBHFTYbBiW5gT8M
SqMb91t+MYmC9ChFbWepC35I6zoHX1B1CgV20lr5PH1wYO+k0IdO6ufZYBcCAwEA
AQKCAgAMledX4YrDnv3kYe9Af3VA9TfzLaKnAXkBd5mn6MB6if4aGRfn/OGzvnVU
3ghTqiO80d/nP0q9sYiAgp4gNfK80x+rIm1Go7ASUH5Xbgpjxepq775FgQ5oOclN
91mEygHdA5s8If5pSoCqJKUGR6P11Ocul18O6YstYtcUQZ1kcpyBJF7nKFb8oYLM
pE0Uf6EjK2DHCDITsrq1qlHQk0Np3EUUsubGM+eaWP0rZxvQhc4mqyZQ3fCfXkE+
Qz5fH/q2lKWqyUuXlzNvgf1koPY4DWBYpoFpztmQwVicTiYJV10MSvb5Wb8WveM7
J+9U6NtHEYsbtDWbvrhqfQIMoRwVqxryUj1h/GN95oZ80pFkhcLfBeu045Fyc7Aa
gZT/ugC2Jov/+1uxtLe9ZsZeY+MVBuLrUoG5+Q+Tink+uJ3KYn2TltpdiYmSZ7lY
s/SnUBGbmSJjpXsbqbcimnsZLX/T8X53UwHRG5eWmGhJBU60kATsFqZmvkYgI3wc
yenDQaIx93fwsBWEBn/Ms1XHaYvVIpeQ4eRboIzkNq0Aefyat6MIQPj5tf2Hlb93
bRNxoJaX6oiOtCrqfIdqk688pgjTwV5r4z4R+K4FbVRx0VbU0Dfsa4rVsRFidMdg
9s+xvS2wYePkjP5m5q574oStRKYuJsaPDJeXLI5XfzKnLa/eUQKCAQEA5bjIhflh
P/3yL/EEC4Pr9t655mi0qyxNegllfkuhEEdH6u+ygj4MtJikVUatL5XHylo0KGM1
asdJLlOwFYGsOKLk0Vj2BU1b9PljRYyS+8sZvOQOhDbxkl7zrvaezYPbsVd1IX0v
Q6fvOh9N5H127LkspHC+G03g6X+nY/+5b5CxaUHke6Cd+fjxiZnAbyzmhgIHohfC
7HCzmKfyJPIJgVpDAHaEWIpAVYU5qRwgrWWjx2WftFXF7NaI5KIoMgbqWCLp1A/O
eaO3CB/uRn3l4yjBy+paxpYzkS0LtfHMDk/0tPn8/AFt9L6Pjv+KXYhvpsJAqknQ
p0RmFEuEh+AQKQKCAQEAwh96H3TdUzRl0TewWL9IbKdeF1IV7PC1dwljevsTYlU5
kUztebtHA6XWXNwlKr8VQ1PVTsncB4VlX3bIlbg8fVy90Uu7FQ/dhSczyuZANjz/
ocazZi9wk8OG5k6Sgz/EdevsIPnBfdbPPGgxFkSr1CUEOkRwtI7p/F3gjeJviH7j
7BYKJje1mln3/r8h3esgeILOmK4/oKpjjRCbhAsU4j8kLFKMgUYdPgpqFzdgzOLO
EIoDqTl7anQkbJUoSbenoHF0xWmWG5uaOo4/ORuTr+ZoN4nkZ6D8R6ZQlPpIw4oD
WDeoAcSoFgKoczIlBk4lcz5mbwp2UsiLBYXJFH72PwKCAQEAzBd0R9r8dK74KXG2
h0iILodIoBTsVpuApeiNPDyS9vRtR6P3c1EPVq+6aGznVrx6iSPE7RDfF2PAd6Ew
cpsHWDYYlomz4ZgOF8ItWVAAEiYqUrBG2V47FzC2zP4crjf0ykUKMluWz0P2/Sts
t5BkRQJrUBk+POHe7XRVUjmTFTR2+i3pgZB8aearKPXpipxYnjxVbcQwkIG8febP
8dT7bumzV0j0YflKGPDI/p6XxZXkgTWfQsdllfowGviaP3/3WaCDH71/UoCKD3TW
69fUkxHVw4YNahtt6xAbNGWDRj/xB4yGH5phhyx6PLB5zIl3sK8qZmA4OTNCgctq
DpGZqQKCAQBgc+lnBdcOh4Nrj+MERY7Dxek/Zx7Tysovai/OpD/+ZOAkrPd1u7LO
QjEflJa3BZiYCmh7LFsyNXqoE0oY8iDEHTeHbbx3+5kSlubqErum92oAxMzQohOq
p8U4W6P6qM2B1gZOYCpez0PK/O4e5WIHF5lhJi5l2Hi0VyTC+tZ2GK5A2LaURKvs
FHXfUrKOJEzO9BeYz0N4HhE2vyC2XBc1TzA3AZEkjmTrNZt/C5oCU1MV7q1hANms
jCao+Pe6oREd7CGcERlvgEIChDkvs98O0EnKBq7BOsD/DMkPLMjIt6Nvyr+kmUT3
Irz1991jo6KB/2hAFg+ylEhXJyFBGNBbAoIBAFQhMh25emwXX/L0lEqoo1miDl2U
IYUFLl8sasRyZp7PmGuUSyKLMZwJesPvcXb4OL4h4Q+2Esx4nFhTkHjoo22AJWRK
ivLiDZHEVN5DKFCfaNoNCMeLi07syLRWl28K5O924lVfsEwISOd5VjuFynNHn5Tu
pE/VkfwUtY1owak3k737Yum1bBmUHyP6kJyUGQW0E9yhTcau1OnhU8XSvO+6lClK
wOg3RsP3LF3gslrRVgc+R95KOva7Oc2EuJDqoHJ8877+r68cHdJYe3mmb1pPNqC1
It+c6mphFAT6frmzkew72FEFzaiSx/Iqiwz4LqoMEnVYN8eVp7hehyGbb8o=
-----END RSA PRIVATE KEY-----

View File

@ -0,0 +1,24 @@
-----BEGIN CERTIFICATE-----
MIIEEjCCAvqgAwIBAgIUbmmpzabDgRPOJj4EzbN+TfqIVhkwDQYJKoZIhvcNAQEL
BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xODA0MDgxNzUzMDBaFw0xODA0MDgxODUz
MDBaMHgxDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
ZWN1cml0eTEUMBIGA1UEAxMLZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxxPIOJV9gc6CjyffN5ylSf7tWrJen8DiyETW5kmDRxnWE
RWRIFjcw6EIhyyXE4g5KEhYRqf6uVWY4a97X8xPTT0MwctifDYg2mFEzR4cswcVq
AmVG9PluWA5fE7SH0VnX2XJyslyeA/+1JlfowlcRkpCAkKPl/xGwYhBada6cA4zQ
YdA7DrNTUdVJt3EGf1wCL4BplcCjK2U53B0neUt5o1IlTwaF2yRpKiCrZ7sH6jI5
HugSFRorq65LwFFQPz+RBmNSAEnMF9z6nToQO/S6PYfvcS6od/7UjipaeY9biRq5
dgpnd3vr+vnR05z6hSNA/FZz5241SYsvJNFU/irfAgMBAAGjgZwwgZkwDgYDVR0P
AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
Af8EAjAAMB0GA1UdDgQWBBSzO25mJGCt/clSMtYNaX2vhZcVijAfBgNVHSMEGDAW
gBSLaEU8nqrYzNEcmi0oZKd1AAFKgTAaBgNVHREEEzARgglsb2NhbGhvc3SHBH8A
AAEwDQYJKoZIhvcNAQELBQADggEBAGpOAvnIQ+YHCSYMKl4v9DpZWOoJ3PrG3bFB
FomGSIXJitWC4ONljF7o/OsDgOwfBo8L2e/HUSqCoxs4nDf/nzePYtenlL1vFQ4l
tajKUTgXKjE55uHhzVWRmcmMNM7yC2dJaoYO+mVwtjLCwvnyNvqG+rUPtk5SXP9t
rjVWNsowBSHTVSBoSLNxEI4DRrUvxm20y/E++VXwhliTHGpq+htGz7g7XSNHu7Xo
xEkBxRaavZbSEdOR3NPyDPfFAdglnxTk1DQ7DJjznEahegO+pTbID/OY3hrMDVKt
YnIt7WzS6KLnUzBOPS1jiyWVUK4QMC5yDAwYU4RH1Pr3XUCNWzk=
-----END CERTIFICATE-----

View File

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAscTyDiVfYHOgo8n3zecpUn+7VqyXp/A4shE1uZJg0cZ1hEVk
SBY3MOhCIcslxOIOShIWEan+rlVmOGve1/MT009DMHLYnw2INphRM0eHLMHFagJl
RvT5blgOXxO0h9FZ19lycrJcngP/tSZX6MJXEZKQgJCj5f8RsGIQWnWunAOM0GHQ
Ow6zU1HVSbdxBn9cAi+AaZXAoytlOdwdJ3lLeaNSJU8GhdskaSogq2e7B+oyOR7o
EhUaK6uuS8BRUD8/kQZjUgBJzBfc+p06EDv0uj2H73EuqHf+1I4qWnmPW4kauXYK
Z3d76/r50dOc+oUjQPxWc+duNUmLLyTRVP4q3wIDAQABAoIBADykuAJ1Y10O9O0L
GDsosaMQKgN+a1oCDAVK863zro3BixNtbLFeysMnaHAI0kCg8Uj5dIfgGx6zyWRU
ADhhFxFOB9i+RQG1ZxNg0MqSix2MmOD6Ijybk3++EGEE4uA2XdTRvEY+bHQHXzMX
+oNP0M4Q1rTVIuRyKEGoonWJkeBsj1m4U5q553EWDQv9esXzuwpnZ3/1thxQhZIJ
TBSQ/RhD8/9v95+wU3tVVMoqXhAbqjx0122ZF4khZJb6YM7YaHDdstX+own3yejI
srvjNH3E3IiY0HZyhg7ohRfRDSoDLZz0F3v3Dd7wGNWkNYU3vtd1A6Y+xM6U9EwO
u5taTEkCgYEA63MkVXR0Yd3tlffm1WQxtcVix2vbnNKY88L6GW4/+RYUMAThqQF4
L7YwNNqGjLqhp5U5cAydaMunRsOf/wYFYAaUcRWPISCzbgZh5cgr1XPafb2iMNzD
xjE/MhG3jjhKP2nA/QUrUd8woEOEq6qUijIiDyTh84rdpZ1K8uIvuuMCgYEAwUj/
0I0gbNZB84/whfnfEkt5ZebYs1vKxRHm5xB58PEZTdoTTlZvoTGzn/NJZrOtZOLo
abbvB2xlZNBPl36ZMh5561LPnTTP94qGVfsdr83atMG6AHje7/2cw9BddRXSUjlN
SEjzhwRf6HklsiVo0QmWSLD0BDeZGtxHgBhNZNUCgYEAiTo5wgi20Fed4tty0Yqt
Imlh8iMeA6AG/4PzaqEEbjP9HiOqNmuh1gUUwalf5GPeViM2L+VaVTrlSuw3s1aa
CWasW+CZ5E//5C+aHWf2jFkSzliZUGtLO5d2YsNKvXx3YdBMZ+v8XKJ939qaV8d6
/bTMfxEbFGwqVR2BEmDcOssCgYBPUTOZU7CwuSQLXVAoyqdeDJbe2GKpB8woHvaQ
b9R6qZXmus0dYp8gmRLLWr0OZkGLmwohB68DbtoVCt7+njcjuBn0FeGY86k8Ph5u
fkRqdqF/d9hqhS+HcJ26RXF0sOXEVDuApF87UvJApiZv+qYO0k5XujYI3P/5Y9f7
mv13mQKBgQCyBOuHxbZWn2Y15Z6w6K7DOdFuxGjM8ATqdJ8NmGPDABlfrSZiTwkf
gLY59kZREdl13DzGCVxbk1EGq+KFNTRSovuf7DG7kY0wQcOlQOzLS7fnftJOBw4E
jaTx6novxP3dqWlYmuu1BP/foiVvKHnVYobNihe6rKiaLoH3fWotsg==
-----END RSA PRIVATE KEY-----

View File

@ -1,35 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIGHDCCBASgAwIBAgIUcGlr9BUSOAwUt3SDhav9yWokZDowDQYJKoZIhvcNAQEN
BQAweTEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
Y3VyaXR5MRUwEwYDVQQDEwxldGNkLXJvb3QtY2EwHhcNMTcwMTI2MTkxNTAwWhcN
MTcwMTI2MjAxNTAwWjB4MQwwCgYDVQQGEwNVU0ExEzARBgNVBAgTCkNhbGlmb3Ju
aWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xDTALBgNVBAoTBGV0Y2QxFjAUBgNV
BAsTDWV0Y2QgU2VjdXJpdHkxFDASBgNVBAMTC2V4YW1wbGUuY29tMIICIjANBgkq
hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArjJG7BkDXGJ7IJeUbt9ilXZl/SqKVYnQ
QcbAVqKKsZOUTnWljYgslXIVDJAYUCZ2WNzXrHq6XOY4qbfNjDIdq28hlq+EydMO
U9T/1WrFASbiJdrCmFH1XUX9SImDw9qDit2S4bxW5gs+Q6cSRSGyHf+6/DD24NY2
VP3qpjwaEByZGZ7K769zRBhoI2sWslilztQKuiVdeTRNqMtCD/Qa4JIiwyzmYOwK
Ed+kitrsPwUQg/11RNbUHZEy51GCzeZ467DcjnXiGHsAF6ZMznDvPY8GU71JYkBN
1Tq8IQVe9yemqk6SUXYoJJnebX3WMvCZ+XLKYWObANQpXxHsu6t68Hkcg5bDTTbg
79JAS8co7wf1S3NA3QudhrTf3anvdbtaZFukusQbVnH7qSp5LFTle+Vl7Megy0/j
uCBL9/xMSpWqUwUl7evfrm/JkVmCoGm2+56uCyrVK9uRRraqp7J19RuNmhunOiUR
N610DjsisI1eqAHSnaDtMluwBc+HEaJWYzJN1JLvGA3ahOyOcv94FZ1msabq20tx
vp5oHLd7j9TaVGobqSbDGLZGHrm5If/x2+1Dc9O55Om/82Q8r1Qxt+GqVX+TFed7
AvBHFTYbBiW5gT8MSqMb91t+MYmC9ChFbWepC35I6zoHX1B1CgV20lr5PH1wYO+k
0IdO6ufZYBcCAwEAAaOBnDCBmTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFE7MTPuM
DNH+edtzjnjB+8Tuwx62MB8GA1UdIwQYMBaAFGds9SaBKZQLcA8jbgxDnH9eHTzH
MBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQ0FAAOCAgEA
S1Kx/+L5UNAjvXoDWAvFJMIpQcsFhV6vj/sbwxgwXTKjQHOOehEwaaEW735EDmhC
4CLgyM94i7eFEGwAVwWpnh6XAfqCMGd32T5aRPktiGqnQ+aAVdC/fgmWWKqA7ix5
Bsjg9WbuBZvI1tAIscq7ajeHFBb/mndgP2kRJf8Rd7NH3VsmLHlK6KKwe/ThKvwZ
IRTfN7ABWzKq/MmGUOWuBiQaLM7DT05m3ISpN3YCHJL4HRjLz6WZ9vP3GLDcrC8H
a7TPizjB3/+y++htnDBhVAAVl4GgolRZzjkzERxDZlvyY7T8sfq9a+9GGHgRXB8v
9wWOYph2r8K1aPaVPw88cri9l993g+vWgKhEse+JoiHgcyCp2VjnM6cpMhCPktBp
YBZ/jBma5EQoLIdBFmDcH/tVs6l6o/9J3q2x+fPZYZkvyuUbxb+TdRZllCqx1myy
YxCGTLdjWEHQbdcVc8totLPgJik2LjFoPAvYgrqO0o3vTz1oagLbwie4D2uK9Ats
pu4KxGCsDtzyf/w9sBZti/ovIgttB7IxeFWZYIWVRCkJkre9rm8qmaCmMY2FvBDY
nBSTldaLpHAryjleyu/WYdqW8Qc+EqIPCzCvJkrKfhZEN7AT7vFwmvnOjJetFdEL
UNJ3wyITBZtiMRAInMkRi3zFeHTVqaockL/FoplkY4Q=
-----END CERTIFICATE-----

View File

@ -1,42 +1,44 @@
#!/bin/bash
if ! [[ "$0" =~ "./gencerts.sh" ]]; then
echo "must be run from 'fixtures'"
exit 255
echo "must be run from 'fixtures'"
exit 255
fi
if ! which cfssl; then
echo "cfssl is not installed"
exit 255
echo "cfssl is not installed"
exit 255
fi
cfssl gencert --initca=true ./ca-csr.json | cfssljson --bare ./ca
mv ca.pem ca.crt
openssl x509 -in ca.crt -noout -text
if which openssl >/dev/null; then
openssl x509 -in ca.crt -noout -text
fi
# generate DNS: localhost, IP: 127.0.0.1, CN: example.com certificates
cfssl gencert \
--ca ./ca.crt \
--ca-key ./ca-key.pem \
--config ./gencert.json \
./server-ca-csr.json | cfssljson --bare ./server
--ca ./ca.crt \
--ca-key ./ca-key.pem \
--config ./gencert.json \
./server-ca-csr.json | cfssljson --bare ./server
mv server.pem server.crt
mv server-key.pem server.key.insecure
# generate DNS: localhost, IP: 127.0.0.1, CN: example2.com certificates
cfssl gencert \
--ca ./ca.crt \
--ca-key ./ca-key.pem \
--config ./gencert.json \
./server-ca-csr2.json | cfssljson --bare ./server2
--ca ./ca.crt \
--ca-key ./ca-key.pem \
--config ./gencert.json \
./server-ca-csr2.json | cfssljson --bare ./server2
mv server2.pem server2.crt
mv server2-key.pem server2.key.insecure
# generate revoked certificates and crl
cfssl gencert --ca ./ca.crt \
--ca-key ./ca-key.pem \
--config ./gencert.json \
./server-ca-csr.json 2>revoked.stderr | cfssljson --bare ./server-revoked
--ca-key ./ca-key.pem \
--config ./gencert.json \
./server-ca-csr.json 2>revoked.stderr | cfssljson --bare ./server-revoked
mv server-revoked.pem server-revoked.crt
mv server-revoked-key.pem server-revoked.key.insecure
grep serial revoked.stderr | awk ' { print $9 } ' >revoke.txt
@ -44,10 +46,10 @@ cfssl gencrl revoke.txt ca.crt ca-key.pem | base64 --decode >revoke.crl
# generate wildcard certificates DNS: *.etcd.local
cfssl gencert \
--ca ./ca.crt \
--ca-key ./ca-key.pem \
--config ./gencert.json \
./server-ca-csr-wildcard.json | cfssljson --bare ./server-wildcard
--ca ./ca.crt \
--ca-key ./ca-key.pem \
--config ./gencert.json \
./server-ca-csr-wildcard.json | cfssljson --bare ./server-wildcard
mv server-wildcard.pem server-wildcard.crt
mv server-wildcard-key.pem server-wildcard.key.insecure