Generate Docker SSL Certificates
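#!/bin/bash
#
# Generate a throwaway CA plus the TLS client and host certificates used to
# secure the Docker remote API with mutual TLS.
#
# Outputs (written to the current directory):
#   ca-key.pem, ca.pem, ca.srl         CA key (passphrase-protected), cert, serial
#   key.pem, cert.pem                  client key (unencrypted) and cert
#   <host>-key.pem, <host>-cert.pem    per-host key (unencrypted) and cert
#   client.csr, <host>.csr, extfile.cnf are left behind as in earlier versions.
#
# Environment:
#   CERT_PASSPHRASE  passphrase for ca-key.pem (default: "password").
#                    The default is a publicly known value; the subject line
#                    marks this CA as non-production. Set a real secret before
#                    trusting ca.pem anywhere that matters.

# Stop at the first failing openssl call instead of signing with stale or
# half-written material from a previous step.
set -euo pipefail

# Private keys are created under this mask, so they are never readable by
# other local users, not even briefly.
umask 077

# openssl reads the passphrase from the environment (env:VAR) rather than from
# argv (pass:...), which keeps it out of `ps` output and shell traces.
: "${CERT_PASSPHRASE:=password}"
export CERT_PASSPHRASE
readonly PASS_SRC='env:CERT_PASSPHRASE'

readonly DAYS=365
readonly -a HOSTS=(dockerhost01 dockerhost02 dockerhost03 dockerhost04 dockerhost05)

#######################################
# Create a key and a CA-signed certificate for one Docker host.
# Globals:   PASS_SRC, DAYS (read)
# Arguments: $1 - host name, used as the certificate CN and DNS SAN
# Outputs:   <host>-key.pem, <host>.csr, <host>-cert.pem in the current dir
# Returns:   non-zero if any openssl step fails
#######################################
issue_host_cert() {
  local host=$1
  local key="${host}-key.pem"
  local csr="${host}.csr"
  local cert="${host}-cert.pem"

  openssl genrsa -passout "$PASS_SRC" -des3 -out "$key" 2048
  openssl req -passin "$PASS_SRC" -subj "/CN=${host}" -new -key "$key" -out "$csr"

  # TLS clients that no longer fall back to the Common Name for hostname
  # verification reject CN-only certificates, so the host name is also
  # carried as a subjectAltName. No extendedKeyUsage is set, matching the
  # earlier host certificates.
  openssl x509 -passin "$PASS_SRC" -req -days "$DAYS" -in "$csr" \
    -CA ca.pem -CAkey ca-key.pem -out "$cert" \
    -extfile <(printf 'subjectAltName = DNS:%s\n' "$host")

  # The daemon needs an unencrypted key; it is protected on disk only by the
  # 0600 mode that the umask above gives it.
  openssl rsa -passin "$PASS_SRC" -in "$key" -out "$key"

  # Certificates are public material; make them readable again.
  chmod 0644 -- "$cert"
}

echo 'Creating CA (ca-key.pem, ca.pem)'
# Serial file that `openssl x509 -CA ca.pem` picks up by default.
echo 01 > ca.srl
openssl genrsa -des3 -passout "$PASS_SRC" -out ca-key.pem 2048
openssl req -new -passin "$PASS_SRC" \
  -subj '/CN=Non-Prod Test CA/C=US' \
  -x509 -days "$DAYS" -key ca-key.pem -out ca.pem

echo 'Creating client certificates (key.pem, cert.pem)'
openssl genrsa -des3 -passout "$PASS_SRC" -out key.pem 2048
openssl req -passin "$PASS_SRC" -subj '/CN=client' -new -key key.pem -out client.csr
# Restrict the client certificate to TLS client authentication.
echo 'extendedKeyUsage = clientAuth' > extfile.cnf
openssl x509 -passin "$PASS_SRC" -req -days "$DAYS" -in client.csr \
  -CA ca.pem -CAkey ca-key.pem -out cert.pem -extfile extfile.cnf
# Strip the passphrase so the Docker client can load the key unattended.
openssl rsa -passin "$PASS_SRC" -in key.pem -out key.pem

echo 'Creating host certificates (dockerhost01-5-key.pem, dockerhost01-5-cert.pem)'
for host in "${HOSTS[@]}"; do
  issue_host_cert "$host"
done

# CA and client certificates are public; private keys stay at 0600.
chmod 0644 -- ca.pem cert.pem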