Skip to content

Instantly share code, notes, and snippets.

@boina-n

boina-n/SSL certificat creation with cfssl

Created December 23, 2019 15:13
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save boina-n/fa6aae40600b9d5d536103749841d2a7 to your computer and use it in GitHub Desktop.
Save boina-n/fa6aae40600b9d5d536103749841d2a7 to your computer and use it in GitHub Desktop.
Download ZIP
Create-certificat-with-cfssl.md
Raw
SSL certificat creation with cfssl
## Create CA
{
cat > ca-config.json <<EOF
{
"signing": {
"default": {
"expiry": "8760h"
},
"profiles": {
"openshift-install": {
"usages": ["signing", "key encipherment", "server auth", "client auth"],
"expiry": "8760h"
}
}
}
}
EOF
cat > ca-csr.json <<EOF
{
"CN": "myproxy",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "FR",
"L": "Grenoble",
"O": "Nadj",
"OU": "CA",
"ST": "Isère"
}
]
}
EOF
gencert -initca ca-csr.json | /usr/local/bin/cfssljson -bare ca
}
{
cat > olomar-csr.json <<EOF
{
"hosts": [
"olomar.odic.rd.francetelecom.fr"
],
"CN": "olomar.odic.rd.francetelecom.fr",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "FR",
"L": "Grenoble",
"O": "Nadj",
"OU": "Nginx",
"ST": "Isère"
}
]
}
EOF
cfssl gencert \
-ca=ca.pem \
-ca-key=ca-key.pem \
-config=ca-config.json \
-profile=openshift-install \
olomar-csr.json | /usr/local/bin/cfssljson -bare olomar-cert
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment