@farshidtz
Last active May 10, 2023 14:12
#!/bin/bash -e
SERVER_CERT_FILE=server.cert
SERVER_KEY_FILE=server.key
SERVER_CSR_FILE=server.csr
CA_CERT_FILE=ca.cert
CA_KEY_FILE=ca.key
# Generate the Certificate Authority (CA) Private Key
openssl ecparam -name prime256v1 -genkey -noout -out $CA_KEY_FILE
# Generate the Certificate Authority Certificate
openssl req -new -x509 -sha256 -key $CA_KEY_FILE -out $CA_CERT_FILE -subj "/CN=local-ca"
# Generate the Server Certificate Private Key
openssl ecparam -name prime256v1 -genkey -noout -out $SERVER_KEY_FILE
# Generate the Server Certificate Signing Request
openssl req -new -sha256 -key $SERVER_KEY_FILE -out $SERVER_CSR_FILE -subj "/CN=localhost"
# Generate the Server Certificate
openssl x509 -req -in $SERVER_CSR_FILE -CA $CA_CERT_FILE -CAkey $CA_KEY_FILE -CAcreateserial -out $SERVER_CERT_FILE -days 1000 -sha256
# Move the files to a directory that the snap has permission to see
sudo mv "$SERVER_CERT_FILE" "$SERVER_KEY_FILE" /var/snap/edgexfoundry/common
sudo edgexfoundry.secrets-config proxy tls \
--inCert "/var/snap/edgexfoundry/common/$SERVER_CERT_FILE" \
--inKey "/var/snap/edgexfoundry/common/$SERVER_KEY_FILE" \
--targetFolder /var/snap/edgexfoundry/current/nginx
# Reload nginx so that it starts using the new certificate
sudo snap restart --reload edgexfoundry.nginx
# Try it out
curl --cacert "$CA_CERT_FILE" --verbose https://localhost:8443/core-data/api/v3/ping
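
Added example, not part of the original gist: checks worth running on the generated files before handing them to `secrets-config`, so that a mismatched key, a wrong CA or a soon-to-expire certificate is caught before nginx reloads. The function names and `other.key` are illustrative; the sample PKI is constructed in a temporary directory with the same openssl commands as the script.

```bash
#!/bin/bash
# Added example, not part of the original gist. Function names are illustrative.
# Pre-install checks for a server certificate, key and CA like those generated above.

# The certificate's public key must be the one derived from the private key.
cert_matches_key() {  # CERT KEY
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# The certificate must verify against the CA that clients are given (curl --cacert).
cert_chains_to_ca() {  # CA_CERT CERT
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# The certificate must still be valid MIN_DAYS from now (-checkend takes seconds).
cert_valid_for_days() {  # CERT MIN_DAYS
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# True if the certificate carries a subjectAltName extension.
cert_has_san() {  # CERT
  openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'Subject Alternative Name'
}

# Constructed sample input: a throwaway CA and server pair in DIR, built with the
# same openssl commands as the script above, plus an unrelated key (other.key).
make_demo_pki() {  # DIR
  ( cd "$1" &&
    openssl ecparam -name prime256v1 -genkey -noout -out ca.key &&
    openssl req -new -x509 -sha256 -key ca.key -out ca.cert -subj "/CN=local-ca" &&
    openssl ecparam -name prime256v1 -genkey -noout -out server.key &&
    openssl req -new -sha256 -key server.key -out server.csr -subj "/CN=localhost" &&
    openssl x509 -req -in server.csr -CA ca.cert -CAkey ca.key -CAcreateserial \
      -out server.cert -days 1000 -sha256 &&
    openssl ecparam -name prime256v1 -genkey -noout -out other.key ) >/dev/null 2>&1
}

demo_dir=$(mktemp -d) && make_demo_pki "$demo_dir" && {
  cert_matches_key "$demo_dir/server.cert" "$demo_dir/server.key" && echo "key matches certificate"
  cert_chains_to_ca "$demo_dir/ca.cert" "$demo_dir/server.cert" && echo "chains to CA"
  cert_valid_for_days "$demo_dir/server.cert" 30 && echo "valid for at least 30 more days"
  cert_has_san "$demo_dir/server.cert" || echo "no subjectAltName: CN-only certificate"
}
rm -rf "$demo_dir"
```

The last check reports that a certificate issued this way identifies the host only through its CN. curl built on OpenSSL accepts that, but clients that ignore the CN (Go's crypto/x509, current browsers) need a subjectAltName for `localhost`.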