Last active
May 2, 2019 15:49
This is a quick script that will generate certificates for harbor and SSL
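#!/bin/bash
#
# Generates a private CA and a CA-signed server certificate for a Harbor
# registry, then lays the files out for Harbor (./data/cert) and for the
# Docker client (./docker/certs.d/<host>/).
#
# Usage: <script> <hostname-or-ip>
#
# Files written to the current directory: ca.key, ca.crt, <host>.key,
# <host>.csr, <host>.crt, <host>.cert and v3.ext (plus the serial file that
# -CAcreateserial creates). Existing files with these names, including a
# previously generated ca.key, are overwritten.

# Stop at the first failed command so a failed openssl step never leads to
# stale or missing files being copied into the output directories.
set -euo pipefail

echo "This script will generate the requires certificates for harbour"

host="${1:-}"
if [ -z "$host" ]
then
  echo "No hostname or IP address specified for certificate" >&2
  exit 1
fi

# The argument is used in file names, in the -subj string (where "/" separates
# fields) and in the extension file, so accept only characters that cannot
# change a path, add a subject field or add a line to v3.ext. A leading "-" is
# rejected so the value is never parsed as a command-line option.
if [[ ! "$host" =~ ^[A-Za-z0-9][A-Za-z0-9._:-]*$ ]]
then
  printf 'Invalid hostname or IP address: %s\n' "$host" >&2
  exit 1
fi

subject="/C=UK/ST=Yorkshire/L=Yorkshire/O=fnnrn.me/OU=Personal/CN=$host"

# Private keys are written under a restrictive umask so other local users
# cannot read them, whatever the caller's umask is. The subshell keeps the
# umask change away from the certificates and directories created later.
# Whoever holds ca.key can issue certificates accepted by every client that
# trusts ca.crt, so it is deliberately not copied into the output trees.
(umask 077 && openssl genrsa -out ca.key 4096)

# NOTE(review): the CA and the server certificate share one subject DN, so the
# server certificate's issuer equals its own subject. Some verifiers treat
# that as self-signed; a distinct CA CN would avoid the ambiguity - confirm
# before changing, since it alters the generated CA.
openssl req -x509 -new -nodes -sha512 -days 3650 \
  -subj "$subject" \
  -key ca.key \
  -out ca.crt

(umask 077 && openssl genrsa -out "$host.key" 4096)

openssl req -sha512 -new \
  -subj "$subject" \
  -key "$host.key" \
  -out "$host.csr"

# Build the subjectAltName entries. An IP address has to be an IP entry:
# clients that verify the SAN do not match an address against a DNS entry.
# Two or more colons are taken to mean an IPv6 literal.
if [[ "$host" =~ ^[0-9]+(\.[0-9]+){3}$ || "$host" == *:*:* ]]
then
  alt_names="IP.1=$host"
else
  alt_names="DNS.1=$host"
  # This will strip the domain; the short name is only added when it differs.
  short_name="${host%%.*}"
  if [ "$short_name" != "$host" ]
  then
    alt_names+=$'\n'"DNS.2=$short_name"
  fi
fi

cat > v3.ext <<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
$alt_names
EOF

openssl x509 -req -sha512 -days 3650 \
  -extfile v3.ext \
  -CA ca.crt -CAkey ca.key -CAcreateserial \
  -in "$host.csr" \
  -out "$host.crt"

echo "Making relevant directory tree ./data/cert"
mkdir -p ./data/cert
cp -- "$host.crt" ./data/cert
cp -- "$host.key" ./data/cert

echo "Making Docker configuration"
docker_dir="./docker/certs.d/$host/"
mkdir -p -- "$docker_dir"
# Docker reads *.cert as a client certificate and *.crt as a CA certificate,
# so the server certificate is re-emitted under the .cert extension.
openssl x509 -inform PEM -in "$host.crt" -out "$host.cert"
cp -- "$host.cert" "$docker_dir"
cp -- "$host.key" "$docker_dir"
cp -- ca.crt "$docker_dir"

echo "The docker directory needs moving/copying to /etc"
# The message now names the directory that is actually created (./data/cert).
echo "The ./data/cert directory needs referring too in harbor.cfg"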