Generate docker certs
#!/bin/sh
echo "[$0] Working dir: $PWD"
echo 01 | tee ca.srl
# Create private key ca-key.pem
openssl genrsa -des3 -out ca-key.pem
# Create CA certificate ca.pem
openssl req -new -x509 -days 365 -key ca-key.pem -out ca.pem -subj "/C=VN/ST=HN/L=Hanoi/O=SmartOSC/OU=DevOps/CN=docker.tunght.com"
#
# SERVER
#
# Create server key server-key.pem
echo "[$0] TEMPORARY passphrase for server-key.pem"
openssl genrsa -des3 -out server-key.pem
# Create server certificate signing request server.csr
openssl req -new -key server-key.pem -out server.csr -subj "/C=VN/ST=HN/L=Hanoi/O=SmartOSC/OU=DevOps/CN=docker.tunght.com"
# Sign CSR and generate server certificate
# (no subjectAltName is added here; clients that ignore the CN will reject it)
openssl x509 -req -days 365 -in server.csr -CA ca.pem -CAkey ca-key.pem -out server.pem
# Strip passphrase for docker
echo "[$0] EMPTY passphrase for server-key.pem"
openssl rsa -in server-key.pem -out server-key.pem
# Remove temp file
rm server.csr
#
# CLIENT
#
# Create client key key.pem
echo "[$0] TEMPORARY passphrase for key.pem"
openssl genrsa -des3 -out key.pem
# Create client certificate signing request client.csr
openssl req -new -key key.pem -out client.csr -subj "/C=VN/ST=HN/L=Hanoi/O=SmartOSC/OU=DevOps/CN=docker.tunght.com"
# Enable client authentication for the key
# Adding extended SSL attribute
if [ ! -f extfile.cnf ]; then
echo extendedKeyUsage = clientAuth > extfile.cnf
fi
# Sign CSR and generate client certificate cert.pem
openssl x509 -req -days 365 -in client.csr -CA ca.pem -CAkey ca-key.pem -out cert.pem -extfile extfile.cnf
# Strip passphrase for docker
echo "[$0] EMPTY passphrase for key.pem"
openssl rsa -in key.pem -out key.pem
# Remove temp file
rm client.csr
rm extfile.cnf
rm ca.srl
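
Post-run checks for the files this script writes, as an added example that is not part of the original gist. The file names are the script's; the function names are made up for this example. Because the script leaves server-key.pem and key.pem without a passphrase, the checks also cover their file permissions.

```shell
#!/bin/sh
# Added example: verify the output of the certificate script above.
# Function names are hypothetical; file names are the ones the script writes.

# Succeeds if certificate $2 verifies against CA certificate $1.
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds if certificate $1 carries extendedKeyUsage = clientAuth.
has_client_auth() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -q 'TLS Web Client Authentication'
}

# Succeeds if key $1 is readable without a passphrase and its public half
# equals the public key in certificate $2.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeeds if file $1 grants nothing to group or other (e.g. mode 0600).
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run every check on directory $1 (default: current directory).
# Prints one line per problem; returns 0 only if all checks pass.
check_docker_certs() {
    d=${1:-.}; bad=0
    chains_to_ca "$d/ca.pem" "$d/server.pem" || { echo "server.pem: not signed by ca.pem"; bad=1; }
    chains_to_ca "$d/ca.pem" "$d/cert.pem" || { echo "cert.pem: not signed by ca.pem"; bad=1; }
    has_client_auth "$d/cert.pem" || { echo "cert.pem: clientAuth EKU missing"; bad=1; }
    key_matches_cert "$d/server-key.pem" "$d/server.pem" || { echo "server-key.pem: encrypted or wrong key"; bad=1; }
    key_matches_cert "$d/key.pem" "$d/cert.pem" || { echo "key.pem: encrypted or wrong key"; bad=1; }
    for f in server-key.pem key.pem; do
        key_is_private "$d/$f" || { echo "$f: readable by group/other"; bad=1; }
    done
    return "$bad"
}
```

Source the file and run `check_docker_certs /path/to/certs` after the script finishes; the CA key ca-key.pem keeps its passphrase and is not checked.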