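#!/bin/bash

# **make_cert.sh**

# Create a CA hierarchy (if necessary) and server certificate
#
# This mimics the CA structure that DevStack sets up when ``tls_proxy`` is enabled
# but in the current directory unless ``DATA_DIR`` is set
#
# Usage: make_cert.sh commonName [orgUnit]
#
# Environment:
#   DATA_DIR - where the CA hierarchy and certs are written (default: ./ca-data)
#   TOP_DIR  - directory holding the common ``functions`` file
#              (defaults to the current directory when unset)
#
# Security notes:
# - ``DATA_DIR`` holds private key material (the server key is read from
#   ``$INT_CA_DIR/private`` further down), so keep it out of shared or
#   world-readable locations.
# - ``lib/tls`` is sourced relative to the current directory. Whatever file
#   sits at that path is executed, so run this only from a trusted checkout.

ENABLE_TLS=True
DATA_DIR=${DATA_DIR:-$(pwd)/ca-data}

ROOT_CA_DIR=$DATA_DIR/root
INT_CA_DIR=$DATA_DIR/int

# TOP_DIR is never assigned in this script. Left unset, the next line would try
# to source ``/functions`` from the filesystem root. ``lib/tls`` is already
# resolved against the current directory, so use the same base as the fallback.
# NOTE(review): assumes the script is run from the top of the tree - confirm.
TOP_DIR=${TOP_DIR:-$(pwd)}

# Import common functions
source "$TOP_DIR/functions"

# Import TLS functions
source lib/tls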
# Print a short description and the calling convention to stdout, then
# terminate the script with exit status 1.
usage() {
    cat <<EOF
$0 - Create CA and/or certs

Usage: $0 commonName [orgUnit]
EOF
    exit 1
}
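# First argument: the certificate common name. It is also used as the
# certificate file name and as the hostname passed to make_cert.
CN=$1
# The test used to read ``[ -z "$CN" ]]``. ``[`` rejects a final ``]]`` with
# "missing `]'" and returns non-zero, so usage was never shown and the script
# carried on with an empty common name.
if [[ -z "$CN" ]]; then
    usage
fi
# Optional second argument overrides any ORG_UNIT_NAME already set.
ORG_UNIT_NAME=${2:-$ORG_UNIT_NAME}

# Useful on OS/X
if [[ $(uname -s) == 'Darwin' && -d /usr/local/Cellar/openssl ]]; then
    # set up for brew-installed modern OpenSSL
    OPENSSL_CONF=/usr/local/etc/openssl/openssl.cnf
    # A glob is not expanded in a plain assignment, so the old form stored the
    # literal ``*`` and only worked where $OPENSSL was later expanded unquoted.
    # Resolve it here. With several installed versions the first match is
    # used, which is the binary the unquoted expansion would have run.
    openssl_candidates=(/usr/local/Cellar/openssl/*/bin/openssl)
    OPENSSL=${openssl_candidates[0]}
fi

DEVSTACK_CERT_NAME=$CN
DEVSTACK_HOSTNAME=$CN
DEVSTACK_CERT=$DATA_DIR/$DEVSTACK_CERT_NAME.pem

# Make sure the CA is set up
# (these helpers are not defined in this file; presumably they come from the
# sourced ``functions`` / ``lib/tls`` - confirm)
configure_CA
fix_system_ca_bundle_path
init_CA

# Create the server cert
# Quoted so that a DATA_DIR containing spaces or a wildcard common name
# (e.g. ``*.example.com``) is passed through intact instead of being split or
# glob-expanded by the shell.
make_cert "$INT_CA_DIR" "$DEVSTACK_CERT_NAME" "$DEVSTACK_HOSTNAME"

# Create a cert bundle
# The bundle starts with the server's private key. Create it under a
# restrictive umask so it is never briefly world-readable, then tighten the
# mode in case a file with looser permissions already existed.
# NOTE(review): loosen this deliberately if a different account must read it.
(
    umask 077
    cat "$INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key" \
        "$INT_CA_DIR/$DEVSTACK_CERT_NAME.crt" \
        "$INT_CA_DIR/cacert.pem" >"$DEVSTACK_CERT"
) || exit $?
chmod 600 "$DEVSTACK_CERT"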