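#!/bin/bash

# **make_cert.sh**

# Create a CA hierarchy (if necessary) and server certificate
#
# This mimics the CA structure that DevStack sets up when ``tls_proxy`` is enabled
# but in the current directory unless ``DATA_DIR`` is set
#
# ``TOP_DIR`` is not assigned here and has to come from the environment;
# ``lib/tls`` is resolved relative to the current directory.

ENABLE_TLS=True
DATA_DIR=${DATA_DIR:-$(pwd)/ca-data}

ROOT_CA_DIR=$DATA_DIR/root
INT_CA_DIR=$DATA_DIR/int

# Outside POSIX mode bash keeps running after a failed ``source``, so check
# both helper files first and stop before any CA or key material is touched.

# Import common functions
if [[ ! -r "$TOP_DIR/functions" ]]; then
    echo "$0: cannot read $TOP_DIR/functions (is TOP_DIR set?)" >&2
    exit 1
fi
source "$TOP_DIR/functions"

# Import TLS functions
if [[ ! -r lib/tls ]]; then
    echo "$0: cannot read lib/tls from $(pwd)" >&2
    exit 1
fi
source lib/tls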
21
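# Print a short usage message and exit with status 1.
# The text goes to stderr because this is only reached on an argument error.
# Arguments: none (``$0`` supplies the script name)
function usage {
    {
        echo "$0 - Create CA and/or certs"
        echo ""
        echo "Usage: $0 commonName [orgUnit]"
    } >&2
    exit 1
}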
28
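# First argument: the certificate commonName (required)
CN=$1
if [ -z "$CN" ]; then
    usage
fi

# CN is used verbatim as a file name under DATA_DIR and the intermediate CA
# directory, so a path separator could place the key and certificate files
# outside those directories.
if [[ "$CN" == */* ]]; then
    echo "$0: commonName must not contain '/'" >&2
    exit 1
fi

# Second argument (optional) overrides any ORG_UNIT_NAME already set
ORG_UNIT_NAME=${2:-$ORG_UNIT_NAME}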
34
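# Useful on OS/X
if [[ "$(uname -s)" == 'Darwin' && -d /usr/local/Cellar/openssl ]]; then
    # set up for brew-installed modern OpenSSL
    # NOTE(review): OPENSSL_CONF is assigned but not exported here; confirm
    # that the lib/tls helpers pass it on to openssl.
    OPENSSL_CONF=/usr/local/etc/openssl/openssl.cnf

    # A glob on the right-hand side of an assignment is not expanded, so
    # resolve it now. Otherwise OPENSSL holds the literal pattern and turns
    # into several words wherever it is later used unquoted with more than one
    # version installed. The last match is the highest in glob sort order,
    # which is not necessarily the newest release.
    _openssl_candidates=(/usr/local/Cellar/openssl/*/bin/openssl)
    _openssl_last=${_openssl_candidates[${#_openssl_candidates[@]}-1]}
    if [[ -x "$_openssl_last" ]]; then
        OPENSSL=$_openssl_last
    else
        # No usable binary under the Cellar: leave OPENSSL as it was.
        echo "$0: no openssl binary found under /usr/local/Cellar/openssl" >&2
    fi
    unset _openssl_candidates _openssl_last
fi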
41
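# The commonName doubles as the certificate file name and the host name
DEVSTACK_CERT_NAME=$CN
DEVSTACK_HOSTNAME=$CN
DEVSTACK_CERT=$DATA_DIR/$DEVSTACK_CERT_NAME.pem

# Make sure the CA is set up
# NOTE(review): the return status of these helpers is not checked; whether
# they report failure through their exit status is not visible here.
configure_CA
fix_system_ca_bundle_path
init_CA

# Create the server cert
# Quoted so that a name such as ``*.example.com`` is passed through literally
# rather than being glob-expanded or word-split.
make_cert "$INT_CA_DIR" "$DEVSTACK_CERT_NAME" "$DEVSTACK_HOSTNAME"

# Create a cert bundle
# The bundle begins with the server's private key, so create it under a
# restrictive umask (no window in which it is group/world readable) and
# tighten the mode afterwards in case the file already existed.
(
    umask 077
    cat "$INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key" \
        "$INT_CA_DIR/$DEVSTACK_CERT_NAME.crt" "$INT_CA_DIR/cacert.pem" >"$DEVSTACK_CERT"
) || exit $?
chmod 600 "$DEVSTACK_CERT"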