Last active
May 10, 2023 14:12
-
-
Save farshidtz/8fe88373a5ef1243847282f29a06184f to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash -e | |
| SERVER_CERT_FILE=server.cert | |
| SERVER_KEY_FILE=server.key | |
| SERVER_CSR_FILE=server.csr | |
| CA_CERT_FILE=ca.cert | |
| CA_KEY_FILE=ca.key | |
| # Generate the Certificate Authority (CA) Private Key | |
| openssl ecparam -name prime256v1 -genkey -noout -out $CA_KEY_FILE | |
| # Generate the Certificate Authority Certificate | |
| openssl req -new -x509 -sha256 -key $CA_KEY_FILE -out $CA_CERT_FILE -subj "/CN=local-ca" | |
| # Generate the Server Certificate Private Key | |
| openssl ecparam -name prime256v1 -genkey -noout -out $SERVER_KEY_FILE | |
| # Generate the Server Certificate Signing Request | |
| openssl req -new -sha256 -key $SERVER_KEY_FILE -out $SERVER_CSR_FILE -subj "/CN=localhost" | |
| # Generate the Server Certificate | |
| openssl x509 -req -in $SERVER_CSR_FILE -CA $CA_CERT_FILE -CAkey $CA_KEY_FILE -CAcreateserial -out $SERVER_CERT_FILE -days 1000 -sha256 | |
| # move the files to a directory that the snap has permission to see | |
| sudo mv $SERVER_CERT_FILE $SERVER_KEY_FILE /var/snap/edgexfoundry/common | |
| sudo edgexfoundry.secrets-config proxy tls \ | |
| --inCert /var/snap/edgexfoundry/common/server.cert \ | |
| --inKey /var/snap/edgexfoundry/common/server.key \ | |
| --targetFolder /var/snap/edgexfoundry/current/nginx | |
| # Reload nginx so that it starts using the new certificate | |
| sudo snap restart --reload edgexfoundry.nginx | |
| # Try it out | |
| curl --cacert ca.cert --verbose https://localhost:8443/core-data/api/v3/ping |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment