@thebsdbox
Last active May 2, 2019 15:49
This is a quick script that will generate certificates for harbor and SSL
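#!/bin/bash
# Generates a private CA and a CA-signed server certificate for Harbor,
# plus the certs.d directory layout that Docker expects for the registry.
# Stop at the first failing command so a partial set of files is never copied
set -e

echo "This script will generate the required certificates for Harbor"
if [ -z "$1" ]
then
echo "No hostname or IP address specified for certificate"
exit 1
fi

# Create the CA private key and a self-signed CA certificate (valid 3650 days)
openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=UK/ST=Yorkshire/L=Yorkshire/O=fnnrn.me/OU=Personal/CN=$1" \
-key ca.key \
-out ca.crt

# Create the server private key and a certificate signing request
openssl genrsa -out "$1.key" 4096
openssl req -sha512 -new \
-subj "/C=UK/ST=Yorkshire/L=Yorkshire/O=fnnrn.me/OU=Personal/CN=$1" \
-key "$1.key" \
-out "$1.csr"

# x509 v3 extensions for the server certificate
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
EOF

# An IPv4 address has to go in an IP SAN entry; TLS clients do not match
# an address against DNS entries
if [[ "$1" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]
then
echo "IP.1=$1" >> v3.ext
else
# This will strip the domain
SHORT_NAME=$(echo "$1" | cut -d '.' -f1)
echo "DNS.1=$1" >> v3.ext
echo "DNS.2=$SHORT_NAME" >> v3.ext
fi

# Sign the CSR with the CA to produce the server certificate
openssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in "$1.csr" \
-out "$1.crt"

echo "Making relevant directory tree ./data/cert"
mkdir -p ./data/cert
cp "$1.crt" ./data/cert
cp "$1.key" ./data/cert

echo "Making Docker configuration"
mkdir -p "./docker/certs.d/$1/"
# Docker reads *.crt in certs.d as CA certificates and *.cert as client
# certificates, so the server certificate is written out again as .cert
openssl x509 -inform PEM -in "$1.crt" -out "$1.cert"
cp "$1.cert" "./docker/certs.d/$1/"
cp "$1.key" "./docker/certs.d/$1/"
cp ca.crt "./docker/certs.d/$1/"

echo "The docker directory needs moving/copying to /etc"
echo "The ./data/cert directory needs referring to in harbor.cfg"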