@haydonryan
Last active September 5, 2017 22:42
Revisions

  1. Haydon Ryan revised this gist Aug 8, 2017. 1 changed file with 3 additions and 2 deletions.
    5 changes: 3 additions & 2 deletions create_cert.sh
    @@ -38,8 +38,9 @@ req_extensions = v3_req
    [ v3_req ]
    # Extensions to add to a certificate request
    basicConstraints = CA:TRUE
    keyUsage = nonRepudiation, digitalSignature, keyEncipherment
    basicConstraints = critical, CA:true
    keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment, cRLSign, keyCertSign
    subjectKeyIdentifier = hash
    subjectAltName = @alt_names
    [alt_names]
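Review bot: The new `basicConstraints = critical, CA:true` together with `keyCertSign, cRLSign` in `keyUsage` turns the wildcard server certificate into a CA certificate whose signing key is the same key that terminates TLS for `*.${SYS_DOMAIN}`; anyone who installs this certificate as a trust anchor (the usual reason to set CA:true) will then accept any certificate minted with the server's private key, so a compromise of the TLS endpoint becomes a compromise of the whole trust root. The safer shape is a separate CA key/cert used to sign the leaf, with the leaf's `v3_req` kept as `basicConstraints = critical, CA:FALSE`, `keyUsage = critical, digitalSignature, keyEncipherment` and `extendedKeyUsage = serverAuth`. Note also that `v3_req` is the section `openssl req -new` embeds in the CSR, so a CSR carrying CA:true is unsuitable for submission to any real CA. Which basicConstraints/keyUsage lines are old and which are new is inferred from the 3-addition/2-deletion count, and the hunk header's line counts suggest some context lines were dropped in rendering.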
  2. Haydon Ryan revised this gist May 24, 2017. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion create_cert.sh
    @@ -38,7 +38,7 @@ req_extensions = v3_req
    [ v3_req ]
    # Extensions to add to a certificate request
    basicConstraints = CA:FALSE
    basicConstraints = CA:TRUE
    keyUsage = nonRepudiation, digitalSignature, keyEncipherment
    subjectAltName = @alt_names
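Review bot: Flipping `basicConstraints` to `CA:TRUE` while `keyUsage` stays `nonRepudiation, digitalSignature, keyEncipherment` yields a certificate that claims CA status but whose keyUsage lacks `keyCertSign`; as far as I recall OpenSSL's chain building refuses such a certificate as an issuer, so the flag gains nothing here and only makes the server leaf look like a CA to more relaxed validators. Unless this leaf is genuinely meant to be a trust anchor, keep `basicConstraints = CA:FALSE`. Which of the two basicConstraints lines is old and which is new is inferred from the 1-addition/1-deletion count.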
  3. Haydon Ryan created this gist May 24, 2017.
    61 changes: 61 additions & 0 deletions create_cert.sh
    @@ -0,0 +1,61 @@
    #!/bin/bash

    set -e

    if [[ ($# -ne 3) && ($# -ne 2) ]]
    then echo "wrong number of arguments:"
    echo "create_cert sys_domain app_domain"
    exit 1

    fi


    SYS_DOMAIN=$1
    APP_DOMAIN=$2
    VIP=$3

    SSL_FILE=sslconf-${SYS_DOMAIN}.conf

    #Generate SSL Config with SANs
    if [ ! -f $SSL_FILE ]; then
    cat > $SSL_FILE <<EOM
    [req]
    distinguished_name = req_distinguished_name
    req_extensions = v3_req
    [req_distinguished_name]
    #countryName = Country Name (2 letter code)
    #countryName_default = US
    #stateOrProvinceName = State or Province Name (full name)
    #stateOrProvinceName_default = TX
    #localityName = Locality Name (eg, city)
    #localityName_default = Frisco
    #organizationalUnitName = Organizational Unit Name (eg, section)
    #organizationalUnitName_default = Pivotal Labs
    #commonName = Pivotal
    #commonName_max = 64
    [ v3_req ]
    # Extensions to add to a certificate request
    basicConstraints = CA:FALSE
    keyUsage = nonRepudiation, digitalSignature, keyEncipherment
    subjectAltName = @alt_names
    [alt_names]
    DNS.1 = *.${SYS_DOMAIN}
    #IP.1 = ${VIP}
    DNS.2 = *.login.${SYS_DOMAIN}
    #IP.2 = ${VIP}
    DNS.3 = *.uaa.${SYS_DOMAIN}
    #IP.3 = ${VIP}
    DNS.4 = *.${APP_DOMAIN}
    #IP.4 = ${VIP}
    EOM
    fi

    openssl genrsa -out ${SYS_DOMAIN}.key 2048
    openssl req -new -out ${SYS_DOMAIN}.csr -subj "/CN=*.${SYS_DOMAIN}/O=Pivotal/C=US" -key ${SYS_DOMAIN}.key -config ${SSL_FILE}
    openssl req -text -noout -in ${SYS_DOMAIN}.csr
    openssl x509 -req -days 3650 -in ${SYS_DOMAIN}.csr -signkey ${SYS_DOMAIN}.key -out ${SYS_DOMAIN}.crt -extensions v3_req -extfile ${SSL_FILE}
    openssl x509 -in ${SYS_DOMAIN}.crt -text -noout
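Review bot: The private key written by `openssl genrsa -out ${SYS_DOMAIN}.key 2048` near the end of the script inherits the caller's default umask, so on most systems it lands world-readable next to the certificate; add `umask 077` right after `set -e` (or `chmod 600 -- "${SYS_DOMAIN}.key"` immediately after genrsa). Separately, the `if [ ! -f $SSL_FILE ]` guard reuses any existing config file, so a rerun with a different app_domain silently signs a certificate whose SANs come from the stale file — either regenerate the file unconditionally or fail loudly when it already exists. The expansions of `$SSL_FILE` and `${SYS_DOMAIN}` are unquoted throughout and `sys_domain` is interpolated into the `-subj` DN unescaped, so a domain containing whitespace or `/` changes the command rather than erroring out; the usage line also documents two arguments while the check accepts three, and `VIP` is only ever referenced from commented-out lines.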