*: regenerate "fixtures-expired"
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>release-3.4
parent
774f6652df
commit
a60bb6104c
|
@ -37,9 +37,9 @@ var (
|
||||||
}
|
}
|
||||||
|
|
||||||
testTLSInfoExpired = transport.TLSInfo{
|
testTLSInfoExpired = transport.TLSInfo{
|
||||||
KeyFile: "../../integration/fixtures-expired/server-key.pem",
|
KeyFile: "../../integration/fixtures-expired/server.key.insecure",
|
||||||
CertFile: "../../integration/fixtures-expired/server.pem",
|
CertFile: "../../integration/fixtures-expired/server.crt",
|
||||||
TrustedCAFile: "../../integration/fixtures-expired/etcd-root-ca.pem",
|
TrustedCAFile: "../../integration/fixtures-expired/ca.crt",
|
||||||
ClientCertAuth: true,
|
ClientCertAuth: true,
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
|
@ -84,9 +84,9 @@ var (
|
||||||
}
|
}
|
||||||
|
|
||||||
testTLSInfoExpired = transport.TLSInfo{
|
testTLSInfoExpired = transport.TLSInfo{
|
||||||
KeyFile: "./fixtures-expired/server-key.pem",
|
KeyFile: "../../integration/fixtures-expired/server.key.insecure",
|
||||||
CertFile: "./fixtures-expired/server.pem",
|
CertFile: "../../integration/fixtures-expired/server.crt",
|
||||||
TrustedCAFile: "./fixtures-expired/etcd-root-ca.pem",
|
TrustedCAFile: "../../integration/fixtures-expired/ca.crt",
|
||||||
ClientCertAuth: true,
|
ClientCertAuth: true,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,19 @@
|
||||||
|
{
|
||||||
|
"key": {
|
||||||
|
"algo": "rsa",
|
||||||
|
"size": 2048
|
||||||
|
},
|
||||||
|
"names": [
|
||||||
|
{
|
||||||
|
"O": "etcd",
|
||||||
|
"OU": "etcd Security",
|
||||||
|
"L": "San Francisco",
|
||||||
|
"ST": "California",
|
||||||
|
"C": "USA"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"CN": "ca",
|
||||||
|
"ca": {
|
||||||
|
"expiry": "87600h"
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,23 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIID0jCCArqgAwIBAgIUbY6SSy/rF2TQzWsH4GxG+h+Pvw8wDQYJKoZIhvcNAQEL
|
||||||
|
BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
|
||||||
|
Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
|
||||||
|
Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xODA0MDgxNzUzMDBaFw0yODA0MDUxNzUz
|
||||||
|
MDBaMG8xDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
|
||||||
|
BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
|
||||||
|
ZWN1cml0eTELMAkGA1UEAxMCY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
|
||||||
|
AoIBAQCqhEOeNSLK5CcfvZgHFHPJzRWeDc/fAQ3U2GSF1+KEslOA0mmHiL1paloS
|
||||||
|
CbuwzoY/EGPCudFxIwFwjl2BAxbMdaCAKCxPwMHfn/38I45GgJFODjcOP0AX9i3O
|
||||||
|
z2jsAGm02HNicmF24TuQgij8lvhhKjNsy2Lrb8/i6NmX8AKZl9smkRRd5HpUz9DD
|
||||||
|
HelH2CXYCjbGXdpCyjN2PwfGSoCsAV8NDwbe0CAg6+dZCQrbqt2PJE2uRBoLgp3p
|
||||||
|
AsVdPiFL1igOimgQRShGvMEVLkA7cmB3fALZy1WTGGj4h76HtEz8nywN7PmoWQJv
|
||||||
|
AZFM168XPQ35S9+1CROtWUoM7dlhAgMBAAGjZjBkMA4GA1UdDwEB/wQEAwIBBjAS
|
||||||
|
BgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBSLaEU8nqrYzNEcmi0oZKd1AAFK
|
||||||
|
gTAfBgNVHSMEGDAWgBSLaEU8nqrYzNEcmi0oZKd1AAFKgTANBgkqhkiG9w0BAQsF
|
||||||
|
AAOCAQEApPHGwdcMRWMk+RS1NVb3yCPdf2Tx8pPYAJpLY46OPenGnFt6+wJs6Nhq
|
||||||
|
bj9zmEEqyn1WLXtuel+X4E4BEofkTEAM+06UT7SGgEF7zMY+zQjfPqD52jLhS11I
|
||||||
|
hp3u/hDR5c8r6RmvuH1TiPK5twxmV1w6LRGQcGJtw1PdTVfgHM+1s7kQ+Ineo4kK
|
||||||
|
8m1JR44B3GHyw+o0jsf5NqnmQnW6aMACQXiX93fnelkPOsKez/oxiy/WK5dDMrzH
|
||||||
|
JgNonK+bZRpef15XK3EOhmHp8YrY0CEq4MFsxxmkMZT0OnvIMEi9SkPV1cFq2N7r
|
||||||
|
uTB9aMzzD/1u+3+IpHCrkb0QICj3YQ==
|
||||||
|
-----END CERTIFICATE-----
|
|
@ -1,51 +0,0 @@
|
||||||
-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIIJKQIBAAKCAgEAn/3pG4N9sLWucz5yPVmAuPCuh5tvHs2wRWsBnrTM9qqIpCjR
|
|
||||||
7rNJzZSy3bAMxX+u1JXUK/Nt3lT87zrIkkC4En74avJSxt+cQlSs54sHFsRo/Idl
|
|
||||||
b/6b/dEeS4bko7xlymzX5WDSZJ9Aj69wNZx73TGsHiZDBnQziyE1lPPs38qYcJtc
|
|
||||||
kZKGgsTwJ0e1gvBE+k8KdhTSBX1jYPiycOpibajEERa6dMNZHIJRElJAQejgFDzE
|
|
||||||
VRLCZBddT0kwVx1ttqYCtYDGlqg2Th2J5n1GAddQLffz8/8ZOuJsCYYgA+8LY55f
|
|
||||||
x7H392msdTWnaLVW3VYE9j5lf69/pJlVThP46kjuwtX9hfEkoLRjXBF98TibnQXQ
|
|
||||||
E+LVUNv3ezR/W+lntJOxg7Pka+5OjG/S9Kgj/QOA4nAkoPeQ/NXosBX8d/Z8qHi3
|
|
||||||
f5YRtmT5NLwAgaSBg2lty8B20o9a63prwhEOmk++ENh8UmexUJ+Amy8lGyB/0fRC
|
|
||||||
2YFnC5sJJETjDjyrPrWJA8760Eq0TffRYYgcKyJJtioduyPncLxGY7CkT/tsh6oy
|
|
||||||
IY+RndKOfHdD67yqLZyuwdz/LsaxABELEbbFekE6mlQ/OclZzce5m8+bDZ4W3nRt
|
|
||||||
S/GygXhWNj6XxKyk8RQNB6p2a5gRIxEAadHuUJd0fFZht+xNlOEuB6n7CPkCAwEA
|
|
||||||
AQKCAgBILiZ/2jfXhG/64D5r/Tg8t6EV3wMn84ZGGzu03T7nPhK9dQkZVtvCGwcD
|
|
||||||
SwzIAY3frOT3GzEDMHaYe33HtdkVxyDOJxs/S9zUdB05rRh6pgvzeiZCe6zmuvSf
|
|
||||||
AHGgiTunMqnIe4EQEmTvLihCl6GuLl3HkF2GyOAEMexZkh7Y7C8QBpehuWhkEPOD
|
|
||||||
1S9HrpyADS7cDRKflW1Db5AZrzTO4mfqicV/Li7C1Ow8hs0kryqBFtVAyGDZBU18
|
|
||||||
mrlrZAR+dbEdL8boa2Vsopj3Wqc952TuCEKQXxOD5Gj3dwJ0o+EQhYASuPD1N0Ct
|
|
||||||
9JHdhIp2+vrsGURzcbr1iJPa0NnoKk1HHee5LI8PnjOIsy/KaNBM4PWvmP+sWbUC
|
|
||||||
Ej6JTiyZklHztRCq6EkXhUU2D1PplkqBtAM9DnubkuHvqrPa+BDEI1OZABxJHblA
|
|
||||||
FvSB5D8bLx7rFZD7H2UvDG+e/Y7STNSo178qY2X6e5GRxoaB+/m9XU/P0+nSA+U1
|
|
||||||
QtR00b95WSw6rn3hdgLXf5pxpmCoQqndkQzT8Xx/iY53s8Lr020c84tp6eMp4rsJ
|
|
||||||
t145eLi+RnJLGDnXeb0I5/sEJE9SUyR7L/AARB0ewgrTsr2Cy2zpDCDh2s6oWTcS
|
|
||||||
46XqU/yPcEf5NnPC7YLVjF8zWa6qO6VsBadntW6PmUbxQqehXQKCAQEAwdJGyX6w
|
|
||||||
F8WrUv3nxP1GOAB1z86/6HS/+2znmDAqlIFqMikIcUHsMfRMeBga/M+pvSRajmG3
|
|
||||||
MUWIoRZhgyDMMtdMGOqv8bAvaHqR7UlFymeU4m/kIRmJaU81167KKF0eFc4akf6G
|
|
||||||
bzIbkGkZVAlnLWGBaloYj6vz8NWw6gJkTT+vH+Cz9g0hJ+bnNHuttxLKkDW2Fc87
|
|
||||||
Mt8KFI14xK/tJiPktSCfVxjyVj16tn63lLQFKo5bOqsTUSxkFTPtIhGm2YGTk0Dv
|
|
||||||
/hM9x7GhMPnQ2o0lK6FhCHzAnQkoD5ld8KL5hV3iP7Jg0+H9c9c8e+gHum0n+vxo
|
|
||||||
WolOFsrd26ocEwKCAQEA01FbcKfz85qCP6336oVhr/Kl4TE2V+kWRbOpg48EVkJ+
|
|
||||||
uJrqLoA/OSCYjmmh7ly5fjTpE1Juvhbuo54MoGLxQ954H47Hux+0daoX9hAEcOK5
|
|
||||||
AiWINC7Gqi1rzQ3b9Vp2PxbiR6JcDqiy6UoK81uP6N6PgpUuu+EV74asP5SWGx/u
|
|
||||||
BhScd5QLjjtf77n0Zn5aoNSuHt3JOzjToMl4WCtaP+/t0edkBsfcU/grNs85B/wN
|
|
||||||
6A5uJR8T52wVWw5xQYbblU92JeDSgfQr1LD5VVOr8hQzVxDoOI8SL2dx68OEMw9v
|
|
||||||
hzVfHL79sKCLUAJHGqnBC+zLcVCbDctm7EVxgAmQQwKCAQEArO1Xit8lbZBHUzyG
|
|
||||||
VRNEWyLN+iKUxmmkAEciOn5+/xCYFzjU93fBrLAyqdOYAIenAcI1qWM1dxh61n6J
|
|
||||||
cd0JUzMUCgcaA6EWKzlwiS0ev3+7Lmx2NbH7D6JEf7LLW0f5V6sTub5FY2Bph2a9
|
|
||||||
2mSpUav1M1Y/I7BfbTi7J44Kv4FaVi69YYJFWryA/Cp8yyJQ6GmDk+HZB4JIFB5E
|
|
||||||
6festqK/o3r/r03qqVcg7UIRuPMEyPtKGgYYrgvVH7W8lPD61ITvjioZ9a5lKI4r
|
|
||||||
Ku84kEXuLAdH87Kah4Fr5L8JOXGu/nbNLdeQ3Hp9D6WxqTtT6dkKGryovl5S9bL6
|
|
||||||
TspvUQKCAQEAxAwJmlWnJMymo++BPolqHLMwI+DlOt/bMuVAkfYgHurn59qJAoUm
|
|
||||||
ophUEGN9wMczrBvoVG24ohBia1dY/X9tt/pwVU7AjCEY6cTZIAayKAyfeZdaapcu
|
|
||||||
5njnN0DxXQoFA/j2C2FcqJjoCzkPOcErnO7GE27WAaYMFMFLkl0GebnAuNFsbB/k
|
|
||||||
LJt3IM/TJzd4WxeVRruaUqAg7l2bkaj+vKyaZY+XpBbNmPV3Gg1cKsU0HaMtmrDf
|
|
||||||
ZWdH1MdsWU+E7lvfD7spcTkXZOafGwNaVWdaTh84YiiRxXriHMmyHzDl1nm0eNXU
|
|
||||||
RIZdWOgUEW+F0stn3wPaJg0bun2elBvLQwKCAQBcTaEhnVOJvBxMtM6G6N/rzBLb
|
|
||||||
yQNKPPmMfCK9+TXFMpfsfYqiST/63wRbYIQ0tjiyx+dXb7VawhovCT7AR5Ct+0zW
|
|
||||||
iCG9yUNhbFEXUWUbthdrt1Xr3IBw9NCfYHosTjyOHi0eAn1ORFlD6GNzv27zeQHR
|
|
||||||
nBJwR6/SJOLYNztJLIyQGrK8fBuqaVFf2zaxDwCiPtIRUudbLJPobEyGfszjpvAR
|
|
||||||
nIe1aqh/ONLjBgwkj/6uLI15IDexqoW5j6KyW+MlAqBmqLecOFnfM7ZKW6VHvZpZ
|
|
||||||
me+2Zgxulhq9iRyPHcYDhUzIktH6IF4hYITdLS4IbCezcp4LmHgbyDpxu3+J
|
|
||||||
-----END RSA PRIVATE KEY-----
|
|
|
@ -1,34 +0,0 @@
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIF5jCCA86gAwIBAgIUIzbfeuRpE4/TdkmJEYNNOA2VoLgwDQYJKoZIhvcNAQEN
|
|
||||||
BQAweTEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
|
|
||||||
Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
|
|
||||||
Y3VyaXR5MRUwEwYDVQQDEwxldGNkLXJvb3QtY2EwHhcNMTcwMTI2MTkxNTAwWhcN
|
|
||||||
MTcwMTI2MjAxNTAwWjB5MQwwCgYDVQQGEwNVU0ExEzARBgNVBAgTCkNhbGlmb3Ju
|
|
||||||
aWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xDTALBgNVBAoTBGV0Y2QxFjAUBgNV
|
|
||||||
BAsTDWV0Y2QgU2VjdXJpdHkxFTATBgNVBAMTDGV0Y2Qtcm9vdC1jYTCCAiIwDQYJ
|
|
||||||
KoZIhvcNAQEBBQADggIPADCCAgoCggIBAJ/96RuDfbC1rnM+cj1ZgLjwroebbx7N
|
|
||||||
sEVrAZ60zPaqiKQo0e6zSc2Ust2wDMV/rtSV1Cvzbd5U/O86yJJAuBJ++GryUsbf
|
|
||||||
nEJUrOeLBxbEaPyHZW/+m/3RHkuG5KO8Zcps1+Vg0mSfQI+vcDWce90xrB4mQwZ0
|
|
||||||
M4shNZTz7N/KmHCbXJGShoLE8CdHtYLwRPpPCnYU0gV9Y2D4snDqYm2oxBEWunTD
|
|
||||||
WRyCURJSQEHo4BQ8xFUSwmQXXU9JMFcdbbamArWAxpaoNk4dieZ9RgHXUC338/P/
|
|
||||||
GTribAmGIAPvC2OeX8ex9/dprHU1p2i1Vt1WBPY+ZX+vf6SZVU4T+OpI7sLV/YXx
|
|
||||||
JKC0Y1wRffE4m50F0BPi1VDb93s0f1vpZ7STsYOz5GvuToxv0vSoI/0DgOJwJKD3
|
|
||||||
kPzV6LAV/Hf2fKh4t3+WEbZk+TS8AIGkgYNpbcvAdtKPWut6a8IRDppPvhDYfFJn
|
|
||||||
sVCfgJsvJRsgf9H0QtmBZwubCSRE4w48qz61iQPO+tBKtE330WGIHCsiSbYqHbsj
|
|
||||||
53C8RmOwpE/7bIeqMiGPkZ3Sjnx3Q+u8qi2crsHc/y7GsQARCxG2xXpBOppUPznJ
|
|
||||||
Wc3HuZvPmw2eFt50bUvxsoF4VjY+l8SspPEUDQeqdmuYESMRAGnR7lCXdHxWYbfs
|
|
||||||
TZThLgep+wj5AgMBAAGjZjBkMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAG
|
|
||||||
AQH/AgECMB0GA1UdDgQWBBRnbPUmgSmUC3API24MQ5x/Xh08xzAfBgNVHSMEGDAW
|
|
||||||
gBRnbPUmgSmUC3API24MQ5x/Xh08xzANBgkqhkiG9w0BAQ0FAAOCAgEAFPoCwCcw
|
|
||||||
ecCkvFTxjJnMI9v+i0VlqgKH5Q8ZAxwsPI+bck5KdUbi7aWTwvlZxM/2WT0NsWGO
|
|
||||||
hKZhsJnOZsRaEmeKV5TD1Ua2urQSXWztjGDn/+6JR47FYIP57d3+w5wYuwwzy2ne
|
|
||||||
4oY4OIOmot9Wqgc1D5yOo9D81Udq6DOfb9DeXqa+UuQGoYu1hLQrgUQATxiYsu8T
|
|
||||||
FNoG7EQihNuIMlBhU/H1rCKtX4aeRXRRl7Rr/p/+AYqNUblnjwowvBGyYEfzO9ag
|
|
||||||
ixO+li3SbpD4SfZwX1T3SQukoOq2iSCnrWDdP9yvx04X8oPxhbAncjxASDfy4l2S
|
|
||||||
vhaks6L10qZkLjWNGA65UVDPgzAWTi/7XCZZ37bP2poLbg+/VbKVvN4PII81NB54
|
|
||||||
Ew9mkS9NwcjWQvjkhVPVGtk/fiYtkl5yrrWswJMW/fQJvipveMZbEW0jLVx28f7n
|
|
||||||
t+hvaKMy1QBr1HG3bVtty/izDVTsHJLbki07NRNkJM8M7zv960/rL8SK4J300Zm1
|
|
||||||
DjxeyipcX1IGnIeBzNT2ASu1cD40T+qwG7hYtSCpGAkBVq4ZnFSGb3yICv5TvUE4
|
|
||||||
WItEf4eaV/dK0f7yu02u+TS22LiFiWU1d1/wL8HX9n8utS2w3g/YXy8GNWahcjiM
|
|
||||||
AlehNnzoyVafYDVvMKNHBfJuaxa5qTQrctY=
|
|
||||||
-----END CERTIFICATE-----
|
|
|
@ -0,0 +1,13 @@
|
||||||
|
{
|
||||||
|
"signing": {
|
||||||
|
"default": {
|
||||||
|
"usages": [
|
||||||
|
"signing",
|
||||||
|
"key encipherment",
|
||||||
|
"server auth",
|
||||||
|
"client auth"
|
||||||
|
],
|
||||||
|
"expiry": "1h"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -1,91 +1,31 @@
|
||||||
#!/usr/bin/env bash
|
#!/bin/bash
|
||||||
set -e
|
|
||||||
|
|
||||||
if ! [[ "$0" =~ "./gencerts.sh" ]]; then
|
if ! [[ "$0" =~ "./gencerts.sh" ]]; then
|
||||||
echo "must be run from 'fixtures-expired'"
|
echo "must be run from 'fixtures'"
|
||||||
exit 255
|
exit 255
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if which cfssl >/dev/null; then
|
if ! which cfssl; then
|
||||||
echo "cfssl is installed; generating certs"
|
echo "cfssl is not installed"
|
||||||
else
|
exit 255
|
||||||
echo "cfssl is not installed; exiting"
|
|
||||||
exit 255
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
cat > ./etcd-root-ca-csr.json <<EOF
|
cfssl gencert --initca=true ./ca-csr.json | cfssljson --bare ./ca
|
||||||
{
|
mv ca.pem ca.crt
|
||||||
"key": {
|
|
||||||
"algo": "rsa",
|
|
||||||
"size": 4096
|
|
||||||
},
|
|
||||||
"names": [
|
|
||||||
{
|
|
||||||
"O": "etcd",
|
|
||||||
"OU": "etcd Security",
|
|
||||||
"L": "San Francisco",
|
|
||||||
"ST": "California",
|
|
||||||
"C": "USA"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"CN": "etcd-root-ca",
|
|
||||||
"ca": {
|
|
||||||
"expiry": "1h"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
EOF
|
|
||||||
|
|
||||||
cfssl gencert --initca=true ./etcd-root-ca-csr.json | cfssljson --bare ./etcd-root-ca
|
|
||||||
|
|
||||||
cat > ./etcd-gencert.json <<EOF
|
|
||||||
{
|
|
||||||
"signing": {
|
|
||||||
"default": {
|
|
||||||
"usages": [
|
|
||||||
"signing",
|
|
||||||
"key encipherment",
|
|
||||||
"server auth",
|
|
||||||
"client auth"
|
|
||||||
],
|
|
||||||
"expiry": "1h"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
EOF
|
|
||||||
|
|
||||||
cat > ./server-ca-csr.json <<EOF
|
|
||||||
{
|
|
||||||
"key": {
|
|
||||||
"algo": "rsa",
|
|
||||||
"size": 4096
|
|
||||||
},
|
|
||||||
"names": [
|
|
||||||
{
|
|
||||||
"O": "etcd",
|
|
||||||
"OU": "etcd Security",
|
|
||||||
"L": "San Francisco",
|
|
||||||
"ST": "California",
|
|
||||||
"C": "USA"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"CN": "example.com",
|
|
||||||
"hosts": [
|
|
||||||
"127.0.0.1",
|
|
||||||
"localhost"
|
|
||||||
]
|
|
||||||
}
|
|
||||||
EOF
|
|
||||||
|
|
||||||
cfssl gencert \
|
|
||||||
--ca ./etcd-root-ca.pem \
|
|
||||||
--ca-key ./etcd-root-ca-key.pem \
|
|
||||||
--config ./etcd-gencert.json \
|
|
||||||
./server-ca-csr.json | cfssljson --bare ./server
|
|
||||||
|
|
||||||
rm ./*.json
|
|
||||||
rm ./*.csr
|
|
||||||
|
|
||||||
if which openssl >/dev/null; then
|
if which openssl >/dev/null; then
|
||||||
openssl x509 -in ./etcd-root-ca.pem -text -noout
|
openssl x509 -in ca.crt -noout -text
|
||||||
openssl x509 -in ./server.pem -text -noout
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# generate DNS: localhost, IP: 127.0.0.1, CN: example.com certificates
|
||||||
|
cfssl gencert \
|
||||||
|
--ca ./ca.crt \
|
||||||
|
--ca-key ./ca-key.pem \
|
||||||
|
--config ./gencert.json \
|
||||||
|
./server-ca-csr.json | cfssljson --bare ./server
|
||||||
|
mv server.pem server.crt
|
||||||
|
mv server-key.pem server.key.insecure
|
||||||
|
if which openssl >/dev/null; then
|
||||||
|
openssl x509 -in ./server.crt -text -noout
|
||||||
|
fi
|
||||||
|
|
||||||
|
rm -f *.csr *.pem *.stderr *.txt
|
||||||
|
|
|
@ -0,0 +1,20 @@
|
||||||
|
{
|
||||||
|
"key": {
|
||||||
|
"algo": "rsa",
|
||||||
|
"size": 2048
|
||||||
|
},
|
||||||
|
"names": [
|
||||||
|
{
|
||||||
|
"O": "etcd",
|
||||||
|
"OU": "etcd Security",
|
||||||
|
"L": "San Francisco",
|
||||||
|
"ST": "California",
|
||||||
|
"C": "USA"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"CN": "example.com",
|
||||||
|
"hosts": [
|
||||||
|
"127.0.0.1",
|
||||||
|
"localhost"
|
||||||
|
]
|
||||||
|
}
|
|
@ -1,51 +0,0 @@
|
||||||
-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIIJKAIBAAKCAgEArjJG7BkDXGJ7IJeUbt9ilXZl/SqKVYnQQcbAVqKKsZOUTnWl
|
|
||||||
jYgslXIVDJAYUCZ2WNzXrHq6XOY4qbfNjDIdq28hlq+EydMOU9T/1WrFASbiJdrC
|
|
||||||
mFH1XUX9SImDw9qDit2S4bxW5gs+Q6cSRSGyHf+6/DD24NY2VP3qpjwaEByZGZ7K
|
|
||||||
769zRBhoI2sWslilztQKuiVdeTRNqMtCD/Qa4JIiwyzmYOwKEd+kitrsPwUQg/11
|
|
||||||
RNbUHZEy51GCzeZ467DcjnXiGHsAF6ZMznDvPY8GU71JYkBN1Tq8IQVe9yemqk6S
|
|
||||||
UXYoJJnebX3WMvCZ+XLKYWObANQpXxHsu6t68Hkcg5bDTTbg79JAS8co7wf1S3NA
|
|
||||||
3QudhrTf3anvdbtaZFukusQbVnH7qSp5LFTle+Vl7Megy0/juCBL9/xMSpWqUwUl
|
|
||||||
7evfrm/JkVmCoGm2+56uCyrVK9uRRraqp7J19RuNmhunOiURN610DjsisI1eqAHS
|
|
||||||
naDtMluwBc+HEaJWYzJN1JLvGA3ahOyOcv94FZ1msabq20txvp5oHLd7j9TaVGob
|
|
||||||
qSbDGLZGHrm5If/x2+1Dc9O55Om/82Q8r1Qxt+GqVX+TFed7AvBHFTYbBiW5gT8M
|
|
||||||
SqMb91t+MYmC9ChFbWepC35I6zoHX1B1CgV20lr5PH1wYO+k0IdO6ufZYBcCAwEA
|
|
||||||
AQKCAgAMledX4YrDnv3kYe9Af3VA9TfzLaKnAXkBd5mn6MB6if4aGRfn/OGzvnVU
|
|
||||||
3ghTqiO80d/nP0q9sYiAgp4gNfK80x+rIm1Go7ASUH5Xbgpjxepq775FgQ5oOclN
|
|
||||||
91mEygHdA5s8If5pSoCqJKUGR6P11Ocul18O6YstYtcUQZ1kcpyBJF7nKFb8oYLM
|
|
||||||
pE0Uf6EjK2DHCDITsrq1qlHQk0Np3EUUsubGM+eaWP0rZxvQhc4mqyZQ3fCfXkE+
|
|
||||||
Qz5fH/q2lKWqyUuXlzNvgf1koPY4DWBYpoFpztmQwVicTiYJV10MSvb5Wb8WveM7
|
|
||||||
J+9U6NtHEYsbtDWbvrhqfQIMoRwVqxryUj1h/GN95oZ80pFkhcLfBeu045Fyc7Aa
|
|
||||||
gZT/ugC2Jov/+1uxtLe9ZsZeY+MVBuLrUoG5+Q+Tink+uJ3KYn2TltpdiYmSZ7lY
|
|
||||||
s/SnUBGbmSJjpXsbqbcimnsZLX/T8X53UwHRG5eWmGhJBU60kATsFqZmvkYgI3wc
|
|
||||||
yenDQaIx93fwsBWEBn/Ms1XHaYvVIpeQ4eRboIzkNq0Aefyat6MIQPj5tf2Hlb93
|
|
||||||
bRNxoJaX6oiOtCrqfIdqk688pgjTwV5r4z4R+K4FbVRx0VbU0Dfsa4rVsRFidMdg
|
|
||||||
9s+xvS2wYePkjP5m5q574oStRKYuJsaPDJeXLI5XfzKnLa/eUQKCAQEA5bjIhflh
|
|
||||||
P/3yL/EEC4Pr9t655mi0qyxNegllfkuhEEdH6u+ygj4MtJikVUatL5XHylo0KGM1
|
|
||||||
asdJLlOwFYGsOKLk0Vj2BU1b9PljRYyS+8sZvOQOhDbxkl7zrvaezYPbsVd1IX0v
|
|
||||||
Q6fvOh9N5H127LkspHC+G03g6X+nY/+5b5CxaUHke6Cd+fjxiZnAbyzmhgIHohfC
|
|
||||||
7HCzmKfyJPIJgVpDAHaEWIpAVYU5qRwgrWWjx2WftFXF7NaI5KIoMgbqWCLp1A/O
|
|
||||||
eaO3CB/uRn3l4yjBy+paxpYzkS0LtfHMDk/0tPn8/AFt9L6Pjv+KXYhvpsJAqknQ
|
|
||||||
p0RmFEuEh+AQKQKCAQEAwh96H3TdUzRl0TewWL9IbKdeF1IV7PC1dwljevsTYlU5
|
|
||||||
kUztebtHA6XWXNwlKr8VQ1PVTsncB4VlX3bIlbg8fVy90Uu7FQ/dhSczyuZANjz/
|
|
||||||
ocazZi9wk8OG5k6Sgz/EdevsIPnBfdbPPGgxFkSr1CUEOkRwtI7p/F3gjeJviH7j
|
|
||||||
7BYKJje1mln3/r8h3esgeILOmK4/oKpjjRCbhAsU4j8kLFKMgUYdPgpqFzdgzOLO
|
|
||||||
EIoDqTl7anQkbJUoSbenoHF0xWmWG5uaOo4/ORuTr+ZoN4nkZ6D8R6ZQlPpIw4oD
|
|
||||||
WDeoAcSoFgKoczIlBk4lcz5mbwp2UsiLBYXJFH72PwKCAQEAzBd0R9r8dK74KXG2
|
|
||||||
h0iILodIoBTsVpuApeiNPDyS9vRtR6P3c1EPVq+6aGznVrx6iSPE7RDfF2PAd6Ew
|
|
||||||
cpsHWDYYlomz4ZgOF8ItWVAAEiYqUrBG2V47FzC2zP4crjf0ykUKMluWz0P2/Sts
|
|
||||||
t5BkRQJrUBk+POHe7XRVUjmTFTR2+i3pgZB8aearKPXpipxYnjxVbcQwkIG8febP
|
|
||||||
8dT7bumzV0j0YflKGPDI/p6XxZXkgTWfQsdllfowGviaP3/3WaCDH71/UoCKD3TW
|
|
||||||
69fUkxHVw4YNahtt6xAbNGWDRj/xB4yGH5phhyx6PLB5zIl3sK8qZmA4OTNCgctq
|
|
||||||
DpGZqQKCAQBgc+lnBdcOh4Nrj+MERY7Dxek/Zx7Tysovai/OpD/+ZOAkrPd1u7LO
|
|
||||||
QjEflJa3BZiYCmh7LFsyNXqoE0oY8iDEHTeHbbx3+5kSlubqErum92oAxMzQohOq
|
|
||||||
p8U4W6P6qM2B1gZOYCpez0PK/O4e5WIHF5lhJi5l2Hi0VyTC+tZ2GK5A2LaURKvs
|
|
||||||
FHXfUrKOJEzO9BeYz0N4HhE2vyC2XBc1TzA3AZEkjmTrNZt/C5oCU1MV7q1hANms
|
|
||||||
jCao+Pe6oREd7CGcERlvgEIChDkvs98O0EnKBq7BOsD/DMkPLMjIt6Nvyr+kmUT3
|
|
||||||
Irz1991jo6KB/2hAFg+ylEhXJyFBGNBbAoIBAFQhMh25emwXX/L0lEqoo1miDl2U
|
|
||||||
IYUFLl8sasRyZp7PmGuUSyKLMZwJesPvcXb4OL4h4Q+2Esx4nFhTkHjoo22AJWRK
|
|
||||||
ivLiDZHEVN5DKFCfaNoNCMeLi07syLRWl28K5O924lVfsEwISOd5VjuFynNHn5Tu
|
|
||||||
pE/VkfwUtY1owak3k737Yum1bBmUHyP6kJyUGQW0E9yhTcau1OnhU8XSvO+6lClK
|
|
||||||
wOg3RsP3LF3gslrRVgc+R95KOva7Oc2EuJDqoHJ8877+r68cHdJYe3mmb1pPNqC1
|
|
||||||
It+c6mphFAT6frmzkew72FEFzaiSx/Iqiwz4LqoMEnVYN8eVp7hehyGbb8o=
|
|
||||||
-----END RSA PRIVATE KEY-----
|
|
|
@ -0,0 +1,24 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIEEjCCAvqgAwIBAgIUbmmpzabDgRPOJj4EzbN+TfqIVhkwDQYJKoZIhvcNAQEL
|
||||||
|
BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
|
||||||
|
Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
|
||||||
|
Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xODA0MDgxNzUzMDBaFw0xODA0MDgxODUz
|
||||||
|
MDBaMHgxDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
|
||||||
|
BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
|
||||||
|
ZWN1cml0eTEUMBIGA1UEAxMLZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUA
|
||||||
|
A4IBDwAwggEKAoIBAQCxxPIOJV9gc6CjyffN5ylSf7tWrJen8DiyETW5kmDRxnWE
|
||||||
|
RWRIFjcw6EIhyyXE4g5KEhYRqf6uVWY4a97X8xPTT0MwctifDYg2mFEzR4cswcVq
|
||||||
|
AmVG9PluWA5fE7SH0VnX2XJyslyeA/+1JlfowlcRkpCAkKPl/xGwYhBada6cA4zQ
|
||||||
|
YdA7DrNTUdVJt3EGf1wCL4BplcCjK2U53B0neUt5o1IlTwaF2yRpKiCrZ7sH6jI5
|
||||||
|
HugSFRorq65LwFFQPz+RBmNSAEnMF9z6nToQO/S6PYfvcS6od/7UjipaeY9biRq5
|
||||||
|
dgpnd3vr+vnR05z6hSNA/FZz5241SYsvJNFU/irfAgMBAAGjgZwwgZkwDgYDVR0P
|
||||||
|
AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
|
||||||
|
Af8EAjAAMB0GA1UdDgQWBBSzO25mJGCt/clSMtYNaX2vhZcVijAfBgNVHSMEGDAW
|
||||||
|
gBSLaEU8nqrYzNEcmi0oZKd1AAFKgTAaBgNVHREEEzARgglsb2NhbGhvc3SHBH8A
|
||||||
|
AAEwDQYJKoZIhvcNAQELBQADggEBAGpOAvnIQ+YHCSYMKl4v9DpZWOoJ3PrG3bFB
|
||||||
|
FomGSIXJitWC4ONljF7o/OsDgOwfBo8L2e/HUSqCoxs4nDf/nzePYtenlL1vFQ4l
|
||||||
|
tajKUTgXKjE55uHhzVWRmcmMNM7yC2dJaoYO+mVwtjLCwvnyNvqG+rUPtk5SXP9t
|
||||||
|
rjVWNsowBSHTVSBoSLNxEI4DRrUvxm20y/E++VXwhliTHGpq+htGz7g7XSNHu7Xo
|
||||||
|
xEkBxRaavZbSEdOR3NPyDPfFAdglnxTk1DQ7DJjznEahegO+pTbID/OY3hrMDVKt
|
||||||
|
YnIt7WzS6KLnUzBOPS1jiyWVUK4QMC5yDAwYU4RH1Pr3XUCNWzk=
|
||||||
|
-----END CERTIFICATE-----
|
|
@ -0,0 +1,27 @@
|
||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
MIIEpAIBAAKCAQEAscTyDiVfYHOgo8n3zecpUn+7VqyXp/A4shE1uZJg0cZ1hEVk
|
||||||
|
SBY3MOhCIcslxOIOShIWEan+rlVmOGve1/MT009DMHLYnw2INphRM0eHLMHFagJl
|
||||||
|
RvT5blgOXxO0h9FZ19lycrJcngP/tSZX6MJXEZKQgJCj5f8RsGIQWnWunAOM0GHQ
|
||||||
|
Ow6zU1HVSbdxBn9cAi+AaZXAoytlOdwdJ3lLeaNSJU8GhdskaSogq2e7B+oyOR7o
|
||||||
|
EhUaK6uuS8BRUD8/kQZjUgBJzBfc+p06EDv0uj2H73EuqHf+1I4qWnmPW4kauXYK
|
||||||
|
Z3d76/r50dOc+oUjQPxWc+duNUmLLyTRVP4q3wIDAQABAoIBADykuAJ1Y10O9O0L
|
||||||
|
GDsosaMQKgN+a1oCDAVK863zro3BixNtbLFeysMnaHAI0kCg8Uj5dIfgGx6zyWRU
|
||||||
|
ADhhFxFOB9i+RQG1ZxNg0MqSix2MmOD6Ijybk3++EGEE4uA2XdTRvEY+bHQHXzMX
|
||||||
|
+oNP0M4Q1rTVIuRyKEGoonWJkeBsj1m4U5q553EWDQv9esXzuwpnZ3/1thxQhZIJ
|
||||||
|
TBSQ/RhD8/9v95+wU3tVVMoqXhAbqjx0122ZF4khZJb6YM7YaHDdstX+own3yejI
|
||||||
|
srvjNH3E3IiY0HZyhg7ohRfRDSoDLZz0F3v3Dd7wGNWkNYU3vtd1A6Y+xM6U9EwO
|
||||||
|
u5taTEkCgYEA63MkVXR0Yd3tlffm1WQxtcVix2vbnNKY88L6GW4/+RYUMAThqQF4
|
||||||
|
L7YwNNqGjLqhp5U5cAydaMunRsOf/wYFYAaUcRWPISCzbgZh5cgr1XPafb2iMNzD
|
||||||
|
xjE/MhG3jjhKP2nA/QUrUd8woEOEq6qUijIiDyTh84rdpZ1K8uIvuuMCgYEAwUj/
|
||||||
|
0I0gbNZB84/whfnfEkt5ZebYs1vKxRHm5xB58PEZTdoTTlZvoTGzn/NJZrOtZOLo
|
||||||
|
abbvB2xlZNBPl36ZMh5561LPnTTP94qGVfsdr83atMG6AHje7/2cw9BddRXSUjlN
|
||||||
|
SEjzhwRf6HklsiVo0QmWSLD0BDeZGtxHgBhNZNUCgYEAiTo5wgi20Fed4tty0Yqt
|
||||||
|
Imlh8iMeA6AG/4PzaqEEbjP9HiOqNmuh1gUUwalf5GPeViM2L+VaVTrlSuw3s1aa
|
||||||
|
CWasW+CZ5E//5C+aHWf2jFkSzliZUGtLO5d2YsNKvXx3YdBMZ+v8XKJ939qaV8d6
|
||||||
|
/bTMfxEbFGwqVR2BEmDcOssCgYBPUTOZU7CwuSQLXVAoyqdeDJbe2GKpB8woHvaQ
|
||||||
|
b9R6qZXmus0dYp8gmRLLWr0OZkGLmwohB68DbtoVCt7+njcjuBn0FeGY86k8Ph5u
|
||||||
|
fkRqdqF/d9hqhS+HcJ26RXF0sOXEVDuApF87UvJApiZv+qYO0k5XujYI3P/5Y9f7
|
||||||
|
mv13mQKBgQCyBOuHxbZWn2Y15Z6w6K7DOdFuxGjM8ATqdJ8NmGPDABlfrSZiTwkf
|
||||||
|
gLY59kZREdl13DzGCVxbk1EGq+KFNTRSovuf7DG7kY0wQcOlQOzLS7fnftJOBw4E
|
||||||
|
jaTx6novxP3dqWlYmuu1BP/foiVvKHnVYobNihe6rKiaLoH3fWotsg==
|
||||||
|
-----END RSA PRIVATE KEY-----
|
|
@ -1,35 +0,0 @@
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIGHDCCBASgAwIBAgIUcGlr9BUSOAwUt3SDhav9yWokZDowDQYJKoZIhvcNAQEN
|
|
||||||
BQAweTEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
|
|
||||||
Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
|
|
||||||
Y3VyaXR5MRUwEwYDVQQDEwxldGNkLXJvb3QtY2EwHhcNMTcwMTI2MTkxNTAwWhcN
|
|
||||||
MTcwMTI2MjAxNTAwWjB4MQwwCgYDVQQGEwNVU0ExEzARBgNVBAgTCkNhbGlmb3Ju
|
|
||||||
aWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xDTALBgNVBAoTBGV0Y2QxFjAUBgNV
|
|
||||||
BAsTDWV0Y2QgU2VjdXJpdHkxFDASBgNVBAMTC2V4YW1wbGUuY29tMIICIjANBgkq
|
|
||||||
hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArjJG7BkDXGJ7IJeUbt9ilXZl/SqKVYnQ
|
|
||||||
QcbAVqKKsZOUTnWljYgslXIVDJAYUCZ2WNzXrHq6XOY4qbfNjDIdq28hlq+EydMO
|
|
||||||
U9T/1WrFASbiJdrCmFH1XUX9SImDw9qDit2S4bxW5gs+Q6cSRSGyHf+6/DD24NY2
|
|
||||||
VP3qpjwaEByZGZ7K769zRBhoI2sWslilztQKuiVdeTRNqMtCD/Qa4JIiwyzmYOwK
|
|
||||||
Ed+kitrsPwUQg/11RNbUHZEy51GCzeZ467DcjnXiGHsAF6ZMznDvPY8GU71JYkBN
|
|
||||||
1Tq8IQVe9yemqk6SUXYoJJnebX3WMvCZ+XLKYWObANQpXxHsu6t68Hkcg5bDTTbg
|
|
||||||
79JAS8co7wf1S3NA3QudhrTf3anvdbtaZFukusQbVnH7qSp5LFTle+Vl7Megy0/j
|
|
||||||
uCBL9/xMSpWqUwUl7evfrm/JkVmCoGm2+56uCyrVK9uRRraqp7J19RuNmhunOiUR
|
|
||||||
N610DjsisI1eqAHSnaDtMluwBc+HEaJWYzJN1JLvGA3ahOyOcv94FZ1msabq20tx
|
|
||||||
vp5oHLd7j9TaVGobqSbDGLZGHrm5If/x2+1Dc9O55Om/82Q8r1Qxt+GqVX+TFed7
|
|
||||||
AvBHFTYbBiW5gT8MSqMb91t+MYmC9ChFbWepC35I6zoHX1B1CgV20lr5PH1wYO+k
|
|
||||||
0IdO6ufZYBcCAwEAAaOBnDCBmTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
|
|
||||||
KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFE7MTPuM
|
|
||||||
DNH+edtzjnjB+8Tuwx62MB8GA1UdIwQYMBaAFGds9SaBKZQLcA8jbgxDnH9eHTzH
|
|
||||||
MBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQ0FAAOCAgEA
|
|
||||||
S1Kx/+L5UNAjvXoDWAvFJMIpQcsFhV6vj/sbwxgwXTKjQHOOehEwaaEW735EDmhC
|
|
||||||
4CLgyM94i7eFEGwAVwWpnh6XAfqCMGd32T5aRPktiGqnQ+aAVdC/fgmWWKqA7ix5
|
|
||||||
Bsjg9WbuBZvI1tAIscq7ajeHFBb/mndgP2kRJf8Rd7NH3VsmLHlK6KKwe/ThKvwZ
|
|
||||||
IRTfN7ABWzKq/MmGUOWuBiQaLM7DT05m3ISpN3YCHJL4HRjLz6WZ9vP3GLDcrC8H
|
|
||||||
a7TPizjB3/+y++htnDBhVAAVl4GgolRZzjkzERxDZlvyY7T8sfq9a+9GGHgRXB8v
|
|
||||||
9wWOYph2r8K1aPaVPw88cri9l993g+vWgKhEse+JoiHgcyCp2VjnM6cpMhCPktBp
|
|
||||||
YBZ/jBma5EQoLIdBFmDcH/tVs6l6o/9J3q2x+fPZYZkvyuUbxb+TdRZllCqx1myy
|
|
||||||
YxCGTLdjWEHQbdcVc8totLPgJik2LjFoPAvYgrqO0o3vTz1oagLbwie4D2uK9Ats
|
|
||||||
pu4KxGCsDtzyf/w9sBZti/ovIgttB7IxeFWZYIWVRCkJkre9rm8qmaCmMY2FvBDY
|
|
||||||
nBSTldaLpHAryjleyu/WYdqW8Qc+EqIPCzCvJkrKfhZEN7AT7vFwmvnOjJetFdEL
|
|
||||||
UNJ3wyITBZtiMRAInMkRi3zFeHTVqaockL/FoplkY4Q=
|
|
||||||
-----END CERTIFICATE-----
|
|
|
@ -1,42 +1,44 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
if ! [[ "$0" =~ "./gencerts.sh" ]]; then
|
if ! [[ "$0" =~ "./gencerts.sh" ]]; then
|
||||||
echo "must be run from 'fixtures'"
|
echo "must be run from 'fixtures'"
|
||||||
exit 255
|
exit 255
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! which cfssl; then
|
if ! which cfssl; then
|
||||||
echo "cfssl is not installed"
|
echo "cfssl is not installed"
|
||||||
exit 255
|
exit 255
|
||||||
fi
|
fi
|
||||||
|
|
||||||
cfssl gencert --initca=true ./ca-csr.json | cfssljson --bare ./ca
|
cfssl gencert --initca=true ./ca-csr.json | cfssljson --bare ./ca
|
||||||
mv ca.pem ca.crt
|
mv ca.pem ca.crt
|
||||||
openssl x509 -in ca.crt -noout -text
|
if which openssl >/dev/null; then
|
||||||
|
openssl x509 -in ca.crt -noout -text
|
||||||
|
fi
|
||||||
|
|
||||||
# generate DNS: localhost, IP: 127.0.0.1, CN: example.com certificates
|
# generate DNS: localhost, IP: 127.0.0.1, CN: example.com certificates
|
||||||
cfssl gencert \
|
cfssl gencert \
|
||||||
--ca ./ca.crt \
|
--ca ./ca.crt \
|
||||||
--ca-key ./ca-key.pem \
|
--ca-key ./ca-key.pem \
|
||||||
--config ./gencert.json \
|
--config ./gencert.json \
|
||||||
./server-ca-csr.json | cfssljson --bare ./server
|
./server-ca-csr.json | cfssljson --bare ./server
|
||||||
mv server.pem server.crt
|
mv server.pem server.crt
|
||||||
mv server-key.pem server.key.insecure
|
mv server-key.pem server.key.insecure
|
||||||
|
|
||||||
# generate DNS: localhost, IP: 127.0.0.1, CN: example2.com certificates
|
# generate DNS: localhost, IP: 127.0.0.1, CN: example2.com certificates
|
||||||
cfssl gencert \
|
cfssl gencert \
|
||||||
--ca ./ca.crt \
|
--ca ./ca.crt \
|
||||||
--ca-key ./ca-key.pem \
|
--ca-key ./ca-key.pem \
|
||||||
--config ./gencert.json \
|
--config ./gencert.json \
|
||||||
./server-ca-csr2.json | cfssljson --bare ./server2
|
./server-ca-csr2.json | cfssljson --bare ./server2
|
||||||
mv server2.pem server2.crt
|
mv server2.pem server2.crt
|
||||||
mv server2-key.pem server2.key.insecure
|
mv server2-key.pem server2.key.insecure
|
||||||
|
|
||||||
# generate revoked certificates and crl
|
# generate revoked certificates and crl
|
||||||
cfssl gencert --ca ./ca.crt \
|
cfssl gencert --ca ./ca.crt \
|
||||||
--ca-key ./ca-key.pem \
|
--ca-key ./ca-key.pem \
|
||||||
--config ./gencert.json \
|
--config ./gencert.json \
|
||||||
./server-ca-csr.json 2>revoked.stderr | cfssljson --bare ./server-revoked
|
./server-ca-csr.json 2>revoked.stderr | cfssljson --bare ./server-revoked
|
||||||
mv server-revoked.pem server-revoked.crt
|
mv server-revoked.pem server-revoked.crt
|
||||||
mv server-revoked-key.pem server-revoked.key.insecure
|
mv server-revoked-key.pem server-revoked.key.insecure
|
||||||
grep serial revoked.stderr | awk ' { print $9 } ' >revoke.txt
|
grep serial revoked.stderr | awk ' { print $9 } ' >revoke.txt
|
||||||
|
@ -44,10 +46,10 @@ cfssl gencrl revoke.txt ca.crt ca-key.pem | base64 --decode >revoke.crl
|
||||||
|
|
||||||
# generate wildcard certificates DNS: *.etcd.local
|
# generate wildcard certificates DNS: *.etcd.local
|
||||||
cfssl gencert \
|
cfssl gencert \
|
||||||
--ca ./ca.crt \
|
--ca ./ca.crt \
|
||||||
--ca-key ./ca-key.pem \
|
--ca-key ./ca-key.pem \
|
||||||
--config ./gencert.json \
|
--config ./gencert.json \
|
||||||
./server-ca-csr-wildcard.json | cfssljson --bare ./server-wildcard
|
./server-ca-csr-wildcard.json | cfssljson --bare ./server-wildcard
|
||||||
mv server-wildcard.pem server-wildcard.crt
|
mv server-wildcard.pem server-wildcard.crt
|
||||||
mv server-wildcard-key.pem server-wildcard.key.insecure
|
mv server-wildcard-key.pem server-wildcard.key.insecure
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue