#!/bin/bashset -ecerts=`dirname $0`/certsrm -rf $certs && mkdir -p $certs

1. #!/bin/bash
2.  
3. set -e
4.  
5. certs=`dirname $0`/certs
6.  
7. rm -rf $certs && mkdir -p $certs
8.  
9. cd $certs
10.  
11. echo "Generating CA..."
12. openssl genrsa -out rootCA.key 2048
13. yes "" | openssl req -x509 -new -nodes -key rootCA.key \
14. -out rootCA.pem -days 99999
15.  
16. function generateCert {
17. name=$1
18. ip=$2
19.  
20. cat >openssl-exts.conf <<-EOL
21. extensions = san
22. [san]
23. subjectAltName = IP:${ip}
24. EOL
25.  
26. echo "Generating private key..."
27. openssl genrsa -out ${name}.key 2048
28.  
29. echo "Generating certificate signing request for ${ip}..."
30. # golang requires to have SAN for the IP
31. openssl req -new -nodes -key ${name}.key \
32. -out ${name}.csr \
33. -subj "/C=US/O=BOSH/CN=${ip}"
34.  
35. echo "Generating certificate ${ip}..."
36. openssl x509 -req -in ${name}.csr \
37. -CA rootCA.pem -CAkey rootCA.key -CAcreateserial \
38. -out ${name}.crt -days 99999 \
39. -extfile ./openssl-exts.conf
40.  
41. echo "Deleting certificate signing request and config..."
42. rm ${name}.csr
43. rm ./openssl-exts.conf
44. }
45.  
46. generateCert director 10.244.4.2 # <--- Replace with public Director IP
47. generateCert uaa-web 10.244.4.2 # <--- Replace with public Director IP
48. generateCert uaa-sp 10.244.4.2 # <--- Replace with public Director IP
49.  
50. echo "Finished..."
51. ls -la .