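#!/bin/bash
#
# Bootstrap a small private PKI with cfssl in the current directory:
#   1. write the signing policy (ca-config.json) and three CSR definitions,
#   2. create a self-signed CA          -> ca.pem, ca-key.pem, ca.csr
#   3. issue a server certificate       -> server.pem, server-key.pem, server.csr
#   4. issue a client certificate       -> client.pem, client-key.pem, client.csr
#
# Requires: cfssl and cfssljson on PATH.
#
# -e/-x as in the original; -u catches typos in variable names; pipefail makes
# a failing `cfssl gencert` abort the run instead of being masked by the exit
# status of the `cfssljson` stage that follows it in the pipeline.
set -euxo pipefail

# Fail early with a clear message if the tooling is missing.
for tool in cfssl cfssljson; do
  command -v "$tool" >/dev/null || {
    printf 'missing required tool: %s\n' "$tool" >&2
    exit 1
  }
done

# Lower-case locals so bash's own HOSTNAME variable is not overwritten.
server_host=$(hostname)
readonly server_host
readonly client_name=mercy

# Signing policy: every profile issues 1-year (8760h) certificates and differs
# only in the extended key usages it grants (server auth, client auth, or both).
# Quoted delimiter: this document is static, so no shell expansion is wanted.
cat <<'EOF' >ca-config.json
{
  "signing": {
    "default": {
      "expiry": "8760h"
    },
    "profiles": {
      "server": {
        "expiry": "8760h",
        "usages": [
          "signing",
          "key encipherment",
          "server auth"
        ]
      },
      "client": {
        "expiry": "8760h",
        "usages": [
          "signing",
          "key encipherment",
          "client auth"
        ]
      },
      "peer": {
        "expiry": "8760h",
        "usages": [
          "signing",
          "key encipherment",
          "server auth",
          "client auth"
        ]
      }
    }
  }
}
EOF

# NOTE(review): in all three CSRs below "L" (locality) holds "Missouri" and
# "ST" (state) holds "Saint Louis"; these look swapped. Values are kept as the
# author wrote them - confirm before issuing certificates from this template.

# CSR for the root CA itself.
cat <<'EOF' >ca-csr.json
{
  "CN": "ACME Company",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "US",
      "L": "Missouri",
      "ST": "Saint Louis",
      "O": "OverWatch",
      "OU": "OverWatch"
    }
  ]
}
EOF

# CSR for the server certificate; CN and the single SAN are this machine's
# hostname. Unquoted delimiter so ${server_host} is expanded.
cat <<EOF >server-csr.json
{
  "CN": "${server_host}",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "hosts": [
    "${server_host}"
  ],
  "names": [
    {
      "C": "US",
      "L": "Missouri",
      "ST": "Saint Louis",
      "O": "OverWatch",
      "OU": "OverWatch"
    }
  ]
}
EOF

# CSR for the client certificate; CN identifies the client.
# NOTE(review): "hosts" carries the *server* hostname here, which a
# client-auth certificate normally does not need - confirm this is intended.
cat <<EOF >client-csr.json
{
  "CN": "${client_name}",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "hosts": [
    "${server_host}"
  ],
  "names": [
    {
      "C": "US",
      "L": "Missouri",
      "ST": "Saint Louis",
      "O": "OverWatch",
      "OU": "OverWatch"
    }
  ]
}
EOF

# Self-signed CA. ca-key.pem is the CA private key and is written into the
# current directory: anyone who can read it can mint certificates this CA's
# relying parties will trust, so restrict access to it and avoid leaving it on
# the host that serves traffic.
cfssl gencert -initca ca-csr.json | cfssljson -bare ca -

# Server certificate, signed by the CA under the "server" profile.
cfssl gencert \
  -ca=ca.pem \
  -ca-key=ca-key.pem \
  -config=ca-config.json \
  -profile=server \
  server-csr.json | cfssljson -bare server -

# Client certificate, signed by the CA under the "client" profile.
# Fix: the original passed `-base`, which is not a cfssljson flag, so this
# step failed and no client certificate or key was written; `-bare` matches
# the two invocations above.
cfssl gencert \
  -ca=ca.pem \
  -ca-key=ca-key.pem \
  -config=ca-config.json \
  -profile=client \
  client-csr.json | cfssljson -bare client -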