- root@controller:~# /home/vagrant/octavia/bin/create_certificates.sh /etc/octavia/certs /home/vagrant/octavia/etc/certificates/openssl.cnf
- !!!!!!!!!!!!!!!Do not use this script for deployments!!!!!!!!!!!!!
- Please use the Octavia Certificate Configuration guide:
- https://docs.openstack.org/octavia/latest/admin/guides/certificates.html
- !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- /etc/octavia/certs
- Create the CA's private and public keypair (2k long)
- Generating RSA private key, 2048 bit long modulus (2 primes)
- ..................+++++
- ..........................................................................+++++
- e is 65537 (0x010001)
- You will be asked to enter some information about the certificate.
- Can't load /root/.rnd into RNG
- 140686280495552:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/root/.rnd
- Here is the certificate
- Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 4d:84:64:b1:d4:51:87:fd:eb:e0:46:78:76:91:bf:6d:ac:cf:0c:a3
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: C = US, ST = Denial, L = Springfield, O = Dis, CN = www.example.com
- Validity
- Not Before: Aug 6 09:55:21 2019 GMT
- Not After : Jul 24 09:55:21 2069 GMT
- Subject: C = US, ST = Denial, L = Springfield, O = Dis, CN = www.example.com
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Subject Key Identifier:
- 8E:9D:B5:A6:1B:B9:EC:DA:AF:F8:D8:16:31:30:C9:5D:AF:52:AA:9F
- X509v3 Authority Key Identifier:
- keyid:8E:9D:B5:A6:1B:B9:EC:DA:AF:F8:D8:16:31:30:C9:5D:AF:52:AA:9F
- X509v3 Basic Constraints:
- CA:TRUE
- Signature Algorithm: sha256WithRSAEncryption
- Generate a server key and a CSR
- Can't load /root/.rnd into RNG
- 140709538226624:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/root/.rnd
- Generating a RSA private key
- ..........................................................................................................................+++++
- ...+++++
- writing new private key to 'client.key'
- -----
- Sign request
- Using configuration from /home/vagrant/octavia/etc/certificates/openssl.cnf
- Can't load /root/.rnd into RNG
- 140051813102016:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/root/.rnd
- Can't open .//index.txt.attr for reading, No such file or directory
- 140051813102016:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:72:fopen('.//index.txt.attr','r')
- 140051813102016:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:79:
- Check that the request matches the signature
- Signature ok
- Certificate Details:
- Serial Number: 1 (0x1)
- Validity
- Not Before: Aug 6 09:55:23 2019 GMT
- Not After : Jul 24 09:55:23 2069 GMT
- Subject:
- countryName = US
- stateOrProvinceName = Denial
- organizationName = Dis
- commonName = www.example.com
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- Netscape Comment:
- OpenSSL Generated Certificate
- X509v3 Subject Key Identifier:
- B5:8F:D5:A6:1A:C8:9C:A0:83:A4:FB:73:B9:64:2E:D0:91:C4:40:B2
- X509v3 Authority Key Identifier:
- keyid:8E:9D:B5:A6:1B:B9:EC:DA:AF:F8:D8:16:31:30:C9:5D:AF:52:AA:9F
- Certificate is to be certified until Jul 24 09:55:23 2069 GMT (18250 days)
- Write out database with 1 new entries
- Data Base Updated
- Generate single pem client.pem
- Note: For production use the ca issuing the client certificate and the ca issuing the server
- certificate need to be different so a hacker can't just use the server certificate from a
- compromised amphora to control all the others.
- To use the certificates copy them to the directory specified in the octavia.conf
- root@controller:~#