Untitled

a guest
Aug 6th, 2019
root@controller:~# /home/vagrant/octavia/bin/create_certificates.sh /etc/octavia/certs /home/vagrant/octavia/etc/certificates/openssl.cnf
!!!!!!!!!!!!!!!Do not use this script for deployments!!!!!!!!!!!!!
Please use the Octavia Certificate Configuration guide:
https://docs.openstack.org/octavia/latest/admin/guides/certificates.html
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
/etc/octavia/certs
Create the CA's private and public keypair (2k long)
Generating RSA private key, 2048 bit long modulus (2 primes)
..................+++++
..........................................................................+++++
e is 65537 (0x010001)
You will be asked to enter some information about the certificate.
Can't load /root/.rnd into RNG
140686280495552:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/root/.rnd
Here is the certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4d:84:64:b1:d4:51:87:fd:eb:e0:46:78:76:91:bf:6d:ac:cf:0c:a3
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, ST = Denial, L = Springfield, O = Dis, CN = www.example.com
Validity
Not Before: Aug 6 09:55:21 2019 GMT
Not After : Jul 24 09:55:21 2069 GMT
Subject: C = US, ST = Denial, L = Springfield, O = Dis, CN = www.example.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8E:9D:B5:A6:1B:B9:EC:DA:AF:F8:D8:16:31:30:C9:5D:AF:52:AA:9F
X509v3 Authority Key Identifier:
keyid:8E:9D:B5:A6:1B:B9:EC:DA:AF:F8:D8:16:31:30:C9:5D:AF:52:AA:9F

X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
Generate a server key and a CSR
Can't load /root/.rnd into RNG
140709538226624:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/root/.rnd
Generating a RSA private key
..........................................................................................................................+++++
...+++++
writing new private key to 'client.key'
-----
Sign request
Using configuration from /home/vagrant/octavia/etc/certificates/openssl.cnf
Can't load /root/.rnd into RNG
140051813102016:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/root/.rnd
Can't open .//index.txt.attr for reading, No such file or directory
140051813102016:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:72:fopen('.//index.txt.attr','r')
140051813102016:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:79:
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Aug 6 09:55:23 2019 GMT
Not After : Jul 24 09:55:23 2069 GMT
Subject:
countryName = US
stateOrProvinceName = Denial
organizationName = Dis
commonName = www.example.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
B5:8F:D5:A6:1A:C8:9C:A0:83:A4:FB:73:B9:64:2E:D0:91:C4:40:B2
X509v3 Authority Key Identifier:
keyid:8E:9D:B5:A6:1B:B9:EC:DA:AF:F8:D8:16:31:30:C9:5D:AF:52:AA:9F

Certificate is to be certified until Jul 24 09:55:23 2069 GMT (18250 days)

Write out database with 1 new entries
Data Base Updated
Generate single pem client.pem
Note: For production use the ca issuing the client certificate and the ca issuing the server
certificate need to be different so a hacker can't just use the server certificate from a
compromised amphora to control all the others.
To use the certificates copy them to the directory specified in the octavia.conf
root@controller:~#