Created
July 28, 2023 05:05
-
-
Save mattmattox/3527ee5e9838da1aa0f743d6e24ce8d9 to your computer and use it in GitHub Desktop.
Revisions
-
mattmattox created this gist
Jul 28, 2023 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,32 @@ #!/bin/bash # Create CA private key if [ ! -f ca-private.pem ]; then openssl ecparam -name prime256v1 -genkey -noout -out ca-private.pem fi # Create CA public key openssl ec -in ca-private.pem -pubout -out ca-public.pem # Create self signed CA certificate openssl req -x509 -new -key ca-private.pem -days 365 -out ca.crt -subj "/CN=root.linkerd.cluster.local" # Create issuer private key if [ ! -f issuer-private.pem ]; then openssl ecparam -name prime256v1 -genkey -noout -out issuer-private.pem fi # Create issuer public key openssl ec -in issuer-private.pem -pubout -out issuer-public.pem # Create certificate signing request (BUG: the extension added here will be ignored by the signing) openssl req -new -key issuer-private.pem -out issuer.csr -subj "/CN=identity.linkerd.cluster.local" \ -addext basicConstraints=critical,CA:TRUE # Create issuer cert by signing request openssl x509 \ -extfile /etc/ssl/openssl.cnf \ -extensions v3_ca \ -req \ -in issuer.csr \ -days 180 \ -CA ca.crt \ -CAkey ca-private.pem \ -CAcreateserial \ -extensions v3_ca \ -out issuer.crt rm issuer.csr