@ntkathole
Last active November 19, 2020 13:53
Script to generate certificates for satellite server
#!/bin/bash
# Subject fields shared by the root CA and the server certificate.
country=IN
state=Maharashtra
locality=Pune
organization=redhat
organizationalunit=QE
commonname=$(hostname)
# Self-signed root CA: private key plus CA certificate.
openssl genrsa -out rootCA.key 2048
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem -subj "/C=$country/ST=$state/L=$locality/O=$organization/OU=$organizationalunit/CN=$commonname"
# Server private key and certificate signing request with the same subject.
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr -subj "/C=$country/ST=$state/L=$locality/O=$organization/OU=$organizationalunit/CN=$commonname"
# Extensions for the issued server certificate; "openssl x509 -req" does not
# copy extensions from the CSR, so they are supplied through -extfile.
echo "authorityKeyIdentifier=keyid,issuer" > x509.ext
echo "basicConstraints=CA:FALSE" >> x509.ext
echo "keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment" >> x509.ext
echo "subjectAltName = @alt_names" >> x509.ext
echo "[alt_names]" >> x509.ext
echo "DNS.1 = localhost" >> x509.ext
# Sign the CSR with the root CA; -CAcreateserial writes rootCA.srl.
openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.valid.crt -days 100 -sha256 -extfile x509.ext
echo "Reading generated certificate :: "
openssl x509 -text -in server.valid.crt -noout
# Validate the server certificate, key and CA bundle the way Satellite will.
katello-certs-check -c server.valid.crt -k server.key -b rootCA.pem
@ntkathole (Author) commented Sep 7, 2018

#!/bin/bash
# Generate a CA and a server certificate with the ownca helper scripts and
# validate the result with katello-certs-check. Optional argument: hostname.
if [ -n "${1:-}" ]; then
  name=$1
else
  name=$(hostname)
fi
git clone https://github.com/ntkathole/ownca.git
cd ownca || exit 1
yes "" | ./generate-ca.sh
yes | ./generate-crt.sh "$name"
certdir="$(pwd)/$name/"
cp cacert.crt "$name/"
cd "$name" || exit 1
katello-certs-check -c "$name.crt" -k "$name.key" -b cacert.crt

@swadeley

Hello, how about s/-days 100/-days 365/ in gist.github.com/ntkathole/d6f15b984fd5851ccf6c54c059c400fb#file-satellite_cert_generator-sh-L17

Thank you

@Ra-Kumar

Due to the fix of the Bugzilla below in 6.9 snap 1, certs generated by this script will now fail katello-certs-check, as 'Alt name DNS' will not have the hostname of the Satellite.

https://bugzilla.redhat.com/show_bug.cgi?id=1887504

To fix this, we need to change echo "DNS.1 = localhost" >> x509.ext to echo "DNS.1 = $commonname" >> x509.ext
