
@Warrenn
Created April 27, 2022 15:51
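# Writes an OpenSSL request template (san.tmpl) and a helper script
# (generate-cert.sh) into $IBEAM_GATEWAY_DIR, then sources the helper to
# create a self-signed certificate whose subjectAltName carries the EC2
# instance's public IPv4 address and public hostname.
#
# NOTE(review): the dollar-brace-bang placeholders in both heredocs look like
# CloudFormation Fn::Sub escapes, i.e. this fragment is presumably embedded in
# a template's UserData and is not meant to run as plain bash - confirm. For
# that reason every expansion added here uses the brace-less $NAME form.
#
# Both heredoc delimiters are quoted, so nothing is expanded when the files
# are written; san.tmpl is filled in later by envsubst.
cat <<'EOF' > "$IBEAM_GATEWAY_DIR/san.tmpl"
[req]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
countryName = XX
stateOrProvinceName = N/A
localityName = N/A
organizationName = IBeam
commonName = IBeam
[req_ext]
subjectAltName = @alt_names
[v3_req]
subjectAltName = @alt_names
[alt_names]
IP.1 = ${!PUBLIC_IPV4}
DNS.1 = ${!PUBLIC_HOSTNAME}
EOF
cat <<'EOF' > "$IBEAM_GATEWAY_DIR/generate-cert.sh"
# Generates key.pem/cert.pem plus PKCS#12 and keystore bundles for the gateway.
# Expects IBEAM_GATEWAY_DIR in the environment; intended to be sourced.

# IMDSv2: obtain a session token, then read the primary MAC and its public
# address data. curl runs with -sS --fail instead of -v: verbose mode echoes
# request headers, which would write the session token into the boot log, and
# without --fail an HTTP error body would be used as the SAN value.
TOKEN=$(curl -sS --fail -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
MAC_ID=$(curl -sS --fail -H "X-aws-ec2-metadata-token: $TOKEN" "http://169.254.169.254/latest/meta-data/mac")
PUBLIC_IPV4=$(curl -sS --fail -H "X-aws-ec2-metadata-token: $TOKEN" "http://169.254.169.254/latest/meta-data/network/interfaces/macs/${!MAC_ID}/public-ipv4s")
PUBLIC_HOSTNAME=$(curl -sS --fail -H "X-aws-ec2-metadata-token: $TOKEN" "http://169.254.169.254/latest/meta-data/network/interfaces/macs/${!MAC_ID}/public-hostname")

# Stop before issuing a certificate with an empty subjectAltName entry.
# "return" applies when the file is sourced, "exit" when it is executed.
if [ -z "$PUBLIC_IPV4" ] || [ -z "$PUBLIC_HOSTNAME" ]; then
  echo "generate-cert: could not read public IPv4/hostname from instance metadata" >&2
  return 1 2>/dev/null || exit 1
fi

# The request config decides which names the certificate is valid for, so it
# must not be writable by other local users (was 777).
touch "$IBEAM_GATEWAY_DIR/san.cnf"
chmod 644 "$IBEAM_GATEWAY_DIR/san.cnf"
PUBLIC_IPV4=$PUBLIC_IPV4 PUBLIC_HOSTNAME=$PUBLIC_HOSTNAME envsubst < "$IBEAM_GATEWAY_DIR/san.tmpl" > "$IBEAM_GATEWAY_DIR/san.cnf"

# NOTE(review): the passphrase "password" is hard-coded and passed on the
# command line in the next three commands, so the private key and both
# bundles should be treated as unprotected at rest. Kept unchanged because
# whatever consumes these files presumably expects this value - confirm, and
# prefer a generated secret supplied via file or environment.
openssl req -x509 -days 730 -newkey rsa:2048 -keyout "$IBEAM_GATEWAY_DIR/key.pem" -out "$IBEAM_GATEWAY_DIR/cert.pem" -config "$IBEAM_GATEWAY_DIR/san.cnf" -passout pass:"password"
cat "$IBEAM_GATEWAY_DIR/key.pem" "$IBEAM_GATEWAY_DIR/cert.pem" > "$IBEAM_GATEWAY_DIR/cacert.pem"
openssl pkcs12 -export -in "$IBEAM_GATEWAY_DIR/cacert.pem" -out "$IBEAM_GATEWAY_DIR/cacert.p12" -passin pass:'password' -passout pass:'password'
echo "password" | keytool -importkeystore -srckeystore "$IBEAM_GATEWAY_DIR/cacert.p12" -srcstoretype pkcs12 -destkeystore "$IBEAM_GATEWAY_DIR/cacert.jks" -storepass password -deststoretype pkcs12

# NOTE(review): /etc/ssl/certs conventionally holds public certificates and is
# world-readable; the private key is copied there with default permissions.
# Destination kept as-is because readers of this path are outside this
# script - consider a root-only location and mode 600 if they allow it.
cp "$IBEAM_GATEWAY_DIR/key.pem" /etc/ssl/certs/key.pem
cp "$IBEAM_GATEWAY_DIR/cert.pem" /etc/ssl/certs/cert.pem
EOF
chmod +x "$IBEAM_GATEWAY_DIR/generate-cert.sh"
cd "$IBEAM_GATEWAY_DIR"
# Sourced (not executed): the generated file has no shebang and runs in this
# shell with IBEAM_GATEWAY_DIR passed through explicitly.
IBEAM_GATEWAY_DIR=$IBEAM_GATEWAY_DIR . "$IBEAM_GATEWAY_DIR/generate-cert.sh"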