trinitor/log_collection_docker
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
7ae0b0024164695a7e7f2427db58c844b955e327
log_collection_docker/data/setup/build/02_generate_certificates.sh
Trinitor 7ae0b00241 first commit
2022-12-27 21:59:06 +01:00

109 lines
5.9 KiB
Bash
Raw Blame History

#!/bin/bash
if [ ! -f /data/certificates/certs/opensearch-ca.key ]
then
echo "generating CA"
mkdir -p /data/certificates/certs/
openssl genrsa -out /data/certificates/certs/opensearch-ca.key 2048
openssl req -new -x509 -sha256 -days 3650 -subj "/C=US/ST=NY/L=IT/O=security/CN=opensearch-ca" -key /data/certificates/certs/opensearch-ca.key -out /data/certificates/certs/opensearch-ca.pem
openssl x509 -noout -subject -in /data/certificates/certs/opensearch-ca.pem
fi
if [ ! -f /data/certificates/certs/opensearch-admin.key ]
then
echo "generating admin user key"
mkdir -p /data/certificates/certs/
openssl genrsa -out /data/certificates/certs/opensearch-admin_rsa.key 2048
openssl pkcs8 -v1 PBE-SHA1-3DES -nocrypt -in /data/certificates/certs/opensearch-admin_rsa.key -topk8 -out /data/certificates/certs/opensearch-admin.key
openssl req -new -inform PEM -outform PEM -subj "/C=US/ST=NY/L=IT/O=security/CN=admin" -key /data/certificates/certs/opensearch-admin.key -out /data/certificates/certs/opensearch-admin.csr
openssl x509 -req -days 3650 -in /data/certificates/certs/opensearch-admin.csr -CA /data/certificates/certs/opensearch-ca.pem -CAkey /data/certificates/certs/opensearch-ca.key -CAcreateserial -sha256 -out /data/certificates/certs/opensearch-admin.pem
#openssl verify -CAfile /data/certificates/certs/opensearch-ca.pem /data/certificates/certs/opensearch-admin.pem
#openssl x509 -noout -subject -in /data/certificates/certs/opensearch-admin.pem
fi
if [ ! -f /data/opensearch-node1/certs/opensearch-node1.key ]
then
for NODE_NAME in "node1" "node2"
do
echo "generating certificate opensearch-$NODE_NAME"
mkdir -p /data/opensearch-$NODE_NAME/certs/
cat << EOF > /tmp/request.conf
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
C = US
ST = NY
L = IT
O = security
CN = opensearch-$NODE_NAME
[v3_req]
keyUsage = keyEncipherment, dataEncipherment, digitalSignature, nonRepudiation
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = docker-cluster
DNS.2 = opensearch-$NODE_NAME
RID.1 = 1.2.3.4.5.5
EOF
openssl genrsa -out /data/opensearch-$NODE_NAME/certs/opensearch-$NODE_NAME-rsa.key 2048
openssl pkcs8 -inform PEM -outform PEM -in /data/opensearch-$NODE_NAME/certs/opensearch-$NODE_NAME-rsa.key -topk8 -nocrypt -v1 PBE-SHA1-3DES -out /data/opensearch-$NODE_NAME/certs/opensearch-$NODE_NAME.key
openssl req -new -config /tmp/request.conf -key /data/opensearch-$NODE_NAME/certs/opensearch-$NODE_NAME.key -out /data/opensearch-$NODE_NAME/certs/opensearch-$NODE_NAME.csr
openssl x509 -req -days 3650 -extfile /tmp/request.conf -extensions v3_req -in /data/opensearch-$NODE_NAME/certs/opensearch-$NODE_NAME.csr -CA /data/certificates/certs/opensearch-ca.pem -CAkey /data/certificates/certs/opensearch-ca.key -CAcreateserial -sha256 -out /data/opensearch-$NODE_NAME/certs/opensearch-$NODE_NAME.pem
cp /data/certificates/certs/opensearch-ca.pem /data/opensearch-$NODE_NAME/certs/
cp /data/certificates/certs/opensearch-admin.pem /data/opensearch-$NODE_NAME/certs/
cp /data/certificates/certs/opensearch-admin.key /data/opensearch-$NODE_NAME/certs/
#openssl verify -CAfile /data/opensearch-$NODE_NAME/certs/opensearch-ca.pem /data/opensearch-$NODE_NAME/certs/opensearch-$NODE_NAME.pem
#openssl x509 -text -in /data/opensearch-$NODE_NAME/certs/opensearch-$NODE_NAME.pem
done
fi
if [ ! -f /data/traefik/certs/traefik.key ]
then
echo "generating certificate traefik"
mkdir -p /data/traefik/certs/
cat << EOF > /tmp/request.conf
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
C = US
ST = NY
L = IT
O = security
CN = opensearch-lab
[v3_req]
keyUsage = keyEncipherment, dataEncipherment, digitalSignature, nonRepudiation
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = traefik.local
DNS.2 = opensearch.local
DNS.3 = grafana.local
EOF
##openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout /data/traefik/certs/server.key -out /data/traefik/certs/server.crt -subj "/C=US/ST=NY/L=IT/O=security/CN=logger"
#openssl genrsa -out /data/traefik/certs/traefik_rsa.key 2048
#openssl pkcs8 -inform PEM -outform PEM -in /data/traefik/certs/traefik_rsa.key -topk8 -nocrypt -v1 PBE-SHA1-3DES -out /data/traefik/certs/traefik.key
#openssl req -new -subj "/C=US/ST=NY/L=IT/O=security/CN=traefik" -key /data/traefik/certs/traefik.key -out /data/traefik/certs/traefik.csr
#openssl x509 -req -days 3650 -in /data/traefik/certs/traefik.csr -CA /data/certificates/certs/opensearch-ca.pem -CAkey /data/certificates/certs/opensearch-ca.key -CAcreateserial -sha256 -out /data/traefik/certs/traefik.pem
#openssl verify -CAfile /data/certificates/certs/opensearch-ca.pem /data/traefik/certs/traefik.pem
#openssl x509 -noout -subject -in /data/traefik/certs/traefik.pem
openssl genrsa -out /data/traefik/certs/server_rsa.key 2048
openssl pkcs8 -inform PEM -outform PEM -in /data/traefik/certs/server_rsa.key -topk8 -nocrypt -v1 PBE-SHA1-3DES -out /data/traefik/certs/server.key
openssl req -new -config /tmp/request.conf -key /data/traefik/certs/server.key -out /data/traefik/certs/server.csr
openssl x509 -req -days 3650 -extfile /tmp/request.conf -extensions v3_req -in /data/traefik/certs/server.csr -CA /data/certificates/certs/opensearch-ca.pem -CAkey /data/certificates/certs/opensearch-ca.key -CAcreateserial -sha256 -out /data/traefik/certs/server.pem
#openssl verify -CAfile /data/traefik/certs/server.pem /data/traefik/certs/server.pem
#openssl x509 -text -in /data/traefik/certs/server.pem
fi
sleep 2
Reference in New Issue View Git Blame Copy Permalink