Browse code
Add tools/make_cert.sh
This allows use of either the DevStack CA or creating another CA
independent of stack.sh.
Change-Id: I055679b5fd06e830c8e6d7d7331c52dd8782d0b6
Dean Troyer authored on 2013/01/10 10:08:02Showing 3 changed files
| ... | ... |
@@ -189,7 +189,7 @@ subjectAltName = \$ENV::SUBJECT_ALT_NAME |
| 189 | 189 |
" >$ca_dir/signing.conf |
| 190 | 190 |
} |
| 191 | 191 |
|
| 192 |
-# Create root and intermediate CAs and an initial server cert |
|
| 192 |
+# Create root and intermediate CAs |
|
| 193 | 193 |
# init_CA |
| 194 | 194 |
function init_CA {
|
| 195 | 195 |
# Ensure CAs are built |
| ... | ... |
@@ -198,7 +198,11 @@ function init_CA {
|
| 198 | 198 |
|
| 199 | 199 |
# Create the CA bundle |
| 200 | 200 |
cat $ROOT_CA_DIR/cacert.pem $INT_CA_DIR/cacert.pem >>$INT_CA_DIR/ca-chain.pem |
| 201 |
+} |
|
| 201 | 202 |
|
| 203 |
+# Create an initial server cert |
|
| 204 |
+# init_cert |
|
| 205 |
+function init_cert {
|
|
| 202 | 206 |
if [[ ! -r $DEVSTACK_CERT ]]; then |
| 203 | 207 |
if [[ -n "$TLS_IP" ]]; then |
| 204 | 208 |
# Lie to let incomplete match routines work |
| 844 | 845 |
new file mode 100755 |
| ... | ... |
@@ -0,0 +1,55 @@ |
| 0 |
+#!/bin/bash |
|
| 1 |
+ |
|
| 2 |
+# **make_cert.sh** |
|
| 3 |
+ |
|
| 4 |
+# Create a CA hierarchy (if necessary) and server certificate |
|
| 5 |
+# |
|
| 6 |
+# This mimics the CA structure that DevStack sets up when ``tls_proxy`` is enabled |
|
| 7 |
+# but in the curent directory unless ``DATA_DIR`` is set |
|
| 8 |
+ |
|
| 9 |
+ENABLE_TLS=True |
|
| 10 |
+DATA_DIR=${DATA_DIR:-`pwd`/ca-data}
|
|
| 11 |
+ |
|
| 12 |
+ROOT_CA_DIR=$DATA_DIR/root |
|
| 13 |
+INT_CA_DIR=$DATA_DIR/int |
|
| 14 |
+ |
|
| 15 |
+# Import common functions |
|
| 16 |
+source $TOP_DIR/functions |
|
| 17 |
+ |
|
| 18 |
+# Import TLS functions |
|
| 19 |
+source lib/tls |
|
| 20 |
+ |
|
| 21 |
+function usage {
|
|
| 22 |
+ echo "$0 - Create CA and/or certs" |
|
| 23 |
+ echo "" |
|
| 24 |
+ echo "Usage: $0 commonName [orgUnit]" |
|
| 25 |
+ exit 1 |
|
| 26 |
+} |
|
| 27 |
+ |
|
| 28 |
+CN=$1 |
|
| 29 |
+if [ -z "$CN" ]]; then |
|
| 30 |
+ usage |
|
| 31 |
+fi |
|
| 32 |
+ORG_UNIT_NAME=${2:-$ORG_UNIT_NAME}
|
|
| 33 |
+ |
|
| 34 |
+# Useful on OS/X |
|
| 35 |
+if [[ `uname -s` == 'Darwin' && -d /usr/local/Cellar/openssl ]]; then |
|
| 36 |
+ # set up for brew-installed modern OpenSSL |
|
| 37 |
+ OPENSSL_CONF=/usr/local/etc/openssl/openssl.cnf |
|
| 38 |
+ OPENSSL=/usr/local/Cellar/openssl/*/bin/openssl |
|
| 39 |
+fi |
|
| 40 |
+ |
|
| 41 |
+DEVSTACK_CERT_NAME=$CN |
|
| 42 |
+DEVSTACK_HOSTNAME=$CN |
|
| 43 |
+DEVSTACK_CERT=$DATA_DIR/$DEVSTACK_CERT_NAME.pem |
|
| 44 |
+ |
|
| 45 |
+# Make sure the CA is set up |
|
| 46 |
+configure_CA |
|
| 47 |
+init_CA |
|
| 48 |
+ |
|
| 49 |
+# Create the server cert |
|
| 50 |
+make_cert $INT_CA_DIR $DEVSTACK_CERT_NAME $DEVSTACK_HOSTNAME |
|
| 51 |
+ |
|
| 52 |
+# Create a cert bundle |
|
| 53 |
+cat $INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key $INT_CA_DIR/$DEVSTACK_CERT_NAME.crt $INT_CA_DIR/cacert.pem >$DEVSTACK_CERT |
|
| 54 |
+ |