| #!/bin/bash |
| |
| # **make_cert.sh** |
| |
| # Create a CA hierarchy (if necessary) and server certificate |
| # |
| # This mimics the CA structure that DevStack sets up when ``tls_proxy`` is enabled |
| # but in the current directory unless ``DATA_DIR`` is set |
| |
| ENABLE_TLS=True |
| DATA_DIR=${DATA_DIR:-`pwd`/ca-data} |
| |
| ROOT_CA_DIR=$DATA_DIR/root |
| INT_CA_DIR=$DATA_DIR/int |
| |
| # Import common functions |
| source $TOP_DIR/functions |
| |
| # Import TLS functions |
| source lib/tls |
| |
| function usage { |
| echo "$0 - Create CA and/or certs" |
| echo "" |
| echo "Usage: $0 commonName [orgUnit]" |
| exit 1 |
| } |
| |
| CN=$1 |
| if [ -z "$CN" ]; then |
| usage |
| fi |
| ORG_UNIT_NAME=${2:-$ORG_UNIT_NAME} |
| |
| # Useful on OS/X |
| if [[ `uname -s` == 'Darwin' && -d /usr/local/Cellar/openssl ]]; then |
| # set up for brew-installed modern OpenSSL |
| OPENSSL_CONF=/usr/local/etc/openssl/openssl.cnf |
| OPENSSL=/usr/local/Cellar/openssl/*/bin/openssl |
| fi |
| |
| DEVSTACK_CERT_NAME=$CN |
| DEVSTACK_HOSTNAME=$CN |
| DEVSTACK_CERT=$DATA_DIR/$DEVSTACK_CERT_NAME.pem |
| |
| # Make sure the CA is set up |
| configure_CA |
| fix_system_ca_bundle_path |
| init_CA |
| |
| # Create the server cert |
| make_cert $INT_CA_DIR $DEVSTACK_CERT_NAME $DEVSTACK_HOSTNAME |
| |
| # Create a cert bundle |
| cat $INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key \ |
| $INT_CA_DIR/$DEVSTACK_CERT_NAME.crt $INT_CA_DIR/cacert.pem >$DEVSTACK_CERT |