Created
January 7, 2019 14:56
-
-
Save kmARC/458a2afbd55635eef3b5f911359ce5e0 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| DIR=$(dirname "$(readlink -f "$0")") | |
| FILES="$DIR"/files/ | |
| mkdir -p "$FILES"/ | |
| if [ ! -f "$FILES"/sandbox-ca.crt ]; then | |
| echo '########################################' | |
| echo '# GENERATING NEW ROOT CA CERT & KEY #' | |
| echo '# If want to cancel, press Ctrl-C now. #' | |
| echo '########################################' | |
| read -r | |
| # Generate root CA | |
| openssl genrsa -out "$FILES"/sandbox-ca.key 4096 | |
| openssl req -x509 -new -nodes -extensions v3_ca -key "$FILES"/sandbox-ca.key \ | |
| -days 1024 -out "$FILES"/sandbox-ca.crt -sha512 \ | |
| -subj "/C=SK/ST=Slovakia/L=Bratislava/O=MyCompany/CN=Sandbox Root CA" | |
| else | |
| echo "Root CA already generated" | |
| fi | |
| for server in service-green01 service-green02 servicelb-green01 servicelb-green02 \ | |
| mark-services mark-gitlab mark-openstack-1 mark-openstack-2; do | |
| domain=$server.sandbox.mycompany.com | |
| if [ ! -f "$FILES"/$server.key ]; then | |
| openssl genrsa -out "$FILES"/$server.key 4096 | |
| openssl req -new \ | |
| -key "$FILES"/$server.key -out "$FILES"/$server.csr \ | |
| -subj "/C=SK/ST=Slovakia/L=Bratislava/O=MyCompany/CN=$domain" | |
| openssl x509 -req -CA "$FILES"/sandbox-ca.crt -CAkey "$FILES"/sandbox-ca.key \ | |
| -CAcreateserial -days 365 -sha512 \ | |
| -extfile <(printf "subjectAltName=DNS:%s" "$domain") \ | |
| -in "$FILES"/$server.csr -out "$FILES"/$server.crt | |
| else | |
| echo "Certificate and key are already generated for $server" | |
| fi | |
| done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment