Dean Troyer | ca80217 | 2013-01-09 19:08:02 -0600 | [diff] [blame] | 1 | #!/bin/bash |
| 2 | |
| 3 | # **make_cert.sh** |
| 4 | |
| 5 | # Create a CA hierarchy (if necessary) and server certificate |
| 6 | # |
| 7 | # This mimics the CA structure that DevStack sets up when ``tls_proxy`` is enabled |
| 8 | # but in the current directory unless ``DATA_DIR`` is set |
| 9 | |
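# Settings for the CA tree. They are plain shell variables assigned before the
# libraries are sourced; presumably lib/tls reads them -- verify there.
ENABLE_TLS=True
# Default to ./ca-data under the current directory unless the caller set DATA_DIR.
DATA_DIR=${DATA_DIR:-$(pwd)/ca-data}

ROOT_CA_DIR=$DATA_DIR/root
INT_CA_DIR=$DATA_DIR/int

# TOP_DIR is never assigned in this script. Left empty, the source below
# would resolve to /functions, so fall back to the current directory, which
# the relative lib/tls path already assumes.
# NOTE(review): confirm that "functions" lives next to lib/ in the tree.
TOP_DIR=${TOP_DIR:-$(pwd)}

# Both files are executed in this shell, so they must come from a trusted
# checkout. Stop early if either is missing instead of continuing without
# the CA helpers defined.

# Import common functions
if [[ ! -r "$TOP_DIR/functions" ]]; then
    echo "$0: cannot read $TOP_DIR/functions; set TOP_DIR or run from the top directory" >&2
    exit 1
fi
source "$TOP_DIR/functions"

# Import TLS functions
if [[ ! -r lib/tls ]]; then
    echo "$0: cannot read lib/tls; run from the directory that contains lib/" >&2
    exit 1
fi
source lib/tls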
| 21 | |
# Print a short usage summary on stdout, then terminate the script with
# exit status 1.
function usage {
    printf '%s\n' \
        "$0 - Create CA and/or certs" \
        "" \
        "Usage: $0 commonName [orgUnit]"
    exit 1
}
| 28 | |
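# First positional argument: the certificate common name (required).
# The original test was written `[ ... ]]`; the mismatched brackets make the
# test itself fail, so a missing argument never reached usage.
CN=$1
if [[ -z "$CN" ]]; then
    usage
fi
# Optional second argument; otherwise keep any ORG_UNIT_NAME already set.
ORG_UNIT_NAME=${2:-$ORG_UNIT_NAME}

# Useful on OS/X
if [[ $(uname -s) == 'Darwin' && -d /usr/local/Cellar/openssl ]]; then
    # set up for brew-installed modern OpenSSL
    OPENSSL_CONF=/usr/local/etc/openssl/openssl.cnf
    # The glob is stored literally here and only expands where $OPENSSL is
    # later used unquoted; with several installed versions it would expand to
    # more than one path. Presumably consumed by lib/tls -- verify there.
    OPENSSL=/usr/local/Cellar/openssl/*/bin/openssl
fi

# NOTE(review): CN becomes part of the file names below, so a value
# containing "/" would place the output outside the expected directories.
DEVSTACK_CERT_NAME=$CN
DEVSTACK_HOSTNAME=$CN
DEVSTACK_CERT=$DATA_DIR/$DEVSTACK_CERT_NAME.pem

# Make sure the CA is set up
configure_CA
init_CA

# Create the server cert
# Arguments are quoted so a DATA_DIR containing spaces, or a wildcard common
# name, is passed through as a single word.
make_cert "$INT_CA_DIR" "$DEVSTACK_CERT_NAME" "$DEVSTACK_HOSTNAME"

# Create a cert bundle: private key, server certificate, then the CA cert.
# NOTE(review): the bundle contains the private key and is created with the
# caller's umask; confirm the resulting mode is restrictive enough when
# DATA_DIR is readable by other users.
cat "$INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key" \
    "$INT_CA_DIR/$DEVSTACK_CERT_NAME.crt" \
    "$INT_CA_DIR/cacert.pem" >"$DEVSTACK_CERT"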
| 55 | |