-
-
Save Fastidious/776c7b2799ff0b79601eb0ffa2c7edb5 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| DIR=$(dirname "$(readlink -f "$0")") | |
| FILES="$DIR"/files/ | |
| mkdir -p "$FILES"/ | |
| if [ ! -f "$FILES"/sandbox-ca.crt ]; then | |
| echo '########################################' | |
| echo '# GENERATING NEW ROOT CA CERT & KEY #' | |
| echo '# If want to cancel, press Ctrl-C now. #' | |
| echo '########################################' | |
| read -r | |
| # Generate root CA | |
| openssl genrsa -out "$FILES"/sandbox-ca.key 4096 | |
| openssl req -x509 -new -nodes -extensions v3_ca -key "$FILES"/sandbox-ca.key \ | |
| -days 1024 -out "$FILES"/sandbox-ca.crt -sha512 \ | |
| -subj "/C=SK/ST=Slovakia/L=Bratislava/O=MyCompany/CN=Sandbox Root CA" | |
| else | |
| echo "Root CA already generated" | |
| fi | |
| for server in service-green01 service-green02 servicelb-green01 servicelb-green02 \ | |
| mark-services mark-gitlab mark-openstack-1 mark-openstack-2; do | |
| domain=$server.sandbox.mycompany.com | |
| if [ ! -f "$FILES"/$server.key ]; then | |
| openssl genrsa -out "$FILES"/$server.key 4096 | |
| openssl req -new \ | |
| -key "$FILES"/$server.key -out "$FILES"/$server.csr \ | |
| -subj "/C=SK/ST=Slovakia/L=Bratislava/O=MyCompany/CN=$domain" | |
| openssl x509 -req -CA "$FILES"/sandbox-ca.crt -CAkey "$FILES"/sandbox-ca.key \ | |
| -CAcreateserial -days 365 -sha512 \ | |
| -extfile <(printf "subjectAltName=DNS:%s" "$domain") \ | |
| -in "$FILES"/$server.csr -out "$FILES"/$server.crt | |
| else | |
| echo "Certificate and key are already generated for $server" | |
| fi | |
| done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment