forked from spiffe/spire
-
Notifications
You must be signed in to change notification settings - Fork 0
/
generate_dummy_ca.sh
executable file
·27 lines (26 loc) · 902 Bytes
/
generate_dummy_ca.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
#!/usr/bin/env bash
#
# This script generates a new dummy CA certificate and key for use in the
# SPIRE development environment. Note that it will place the generated certificate
# and key in the configuration directory, replacing any existing dummy certificates.
#
openssl ecparam -name secp384r1 -genkey -noout -out dummy_upstream_ca.key
openssl req -new -x509 -key dummy_upstream_ca.key -out dummy_upstream_ca.crt -days 1825 -subj "/C=US/ST=/L=/O=SPIFFE/OU=/CN=/" -config <(
cat <<-EOF
[req]
default_bits = 2048
default_md = sha512
distinguished_name = dn
[ dn ]
[alt_names]
URI.1 = spiffe://local
[v3_req]
subjectKeyIdentifier=hash
basicConstraints=critical,CA:TRUE
keyUsage=critical,keyCertSign,cRLSign
subjectAltName = @alt_names
EOF
) -extensions 'v3_req'
cp dummy_upstream_ca.crt ../conf/server
mv dummy_upstream_ca.crt ../conf/agent/dummy_root_ca.crt
mv dummy_upstream_ca.key ../conf/server