  1. #!/bin/bash
  2.  
  3. set -xe
  4.  
  5. HOSTNAME=$(hostname)
  6. CLIENTNAME=mercy
  7.  
  8. cat <<EOF >ca-config.json
  9. {
  10. "signing": {
  11. "default": {
  12. "expiry": "8760h"
  13. },
  14. "profiles": {
  15. "server": {
  16. "expiry": "8760h",
  17. "usages": [
  18. "signing",
  19. "key encipherment",
  20. "server auth"
  21. ]
  22. },
  23. "client": {
  24. "expiry": "8760h",
  25. "usages": [
  26. "signing",
  27. "key encipherment",
  28. "client auth"
  29. ]
  30. },
  31. "peer": {
  32. "expiry": "8760h",
  33. "usages": [
  34. "signing",
  35. "key encipherment",
  36. "server auth",
  37. "client auth"
  38. ]
  39. }
  40. }
  41. }
  42. }
  43. EOF
  44.  
  45. cat <<EOF >ca-csr.json
  46. {
  47. "CN": "ACME Company",
  48. "key": {
  49. "algo": "rsa",
  50. "size": 2048
  51. },
  52. "names": [
  53. {
  54. "C": "US",
  55. "L": "Missouri",
  56. "ST": "Saint Louis",
  57. "O": "OverWatch",
  58. "OU": "OverWatch"
  59. }
  60. ]
  61. }
  62. EOF
  63.  
  64.  
  65. cat <<EOF >server-csr.json
  66. {
  67. "CN": "${HOSTNAME}",
  68. "key": {
  69. "algo": "rsa",
  70. "size": 2048
  71. },
  72. "hosts": [
  73. "${HOSTNAME}"
  74. ],
  75. "names": [
  76. {
  77. "C": "US",
  78. "L": "Missouri",
  79. "ST": "Saint Louis",
  80. "O": "OverWatch",
  81. "OU": "OverWatch"
  82. }
  83. ]
  84. }
  85. EOF
  86.  
  87. cat <<EOF >client-csr.json
  88. {
  89. "CN": "${CLIENTNAME}",
  90. "key": {
  91. "algo": "rsa",
  92. "size": 2048
  93. },
  94. "hosts": [
  95. "${HOSTNAME}"
  96. ],
  97. "names": [
  98. {
  99. "C": "US",
  100. "L": "Missouri",
  101. "ST": "Saint Louis",
  102. "O": "OverWatch",
  103. "OU": "OverWatch"
  104. }
  105. ]
  106. }
  107. EOF
  108.  
  109. cfssl gencert -initca ca-csr.json | cfssljson -bare ca -
  110. cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=server server-csr.json | cfssljson -bare server -
  111. cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=client client-csr.json | cfssljson -base client -