devstack/tools/make_cert.sh at master · openstack/devstack

History

executable file

56 lines (43 loc) · 1.26 KB

Raw

#!/bin/bash

# **make_cert.sh**

# Create a CA hierarchy (if necessary) and server certificate

# This mimics the CA structure that DevStack sets up when ``tls_proxy`` is enabled

# but in the current directory unless ``DATA_DIR`` is set

ENABLE_TLS=True

DATA_DIR=${DATA_DIR:-`pwd`/ca-data}

ROOT_CA_DIR=$DATA_DIR/root

INT_CA_DIR=$DATA_DIR/int

# Import common functions

source $TOP_DIR/functions

# Import TLS functions

source lib/tls

function usage {

echo "$0 - Create CA and/or certs"

echo ""

echo "Usage: $0 commonName [orgUnit]"

exit 1

}

CN=$1

if [ -z "$CN" ]; then

usage

ORG_UNIT_NAME=${2:-$ORG_UNIT_NAME}

# Useful on OS/X

if [[ `uname -s` == 'Darwin' && -d /usr/local/Cellar/openssl ]]; then

# set up for brew-installed modern OpenSSL

OPENSSL_CONF=/usr/local/etc/openssl/openssl.cnf

OPENSSL=/usr/local/Cellar/openssl/*/bin/openssl

DEVSTACK_CERT_NAME=$CN

DEVSTACK_HOSTNAME=$CN

DEVSTACK_CERT=$DATA_DIR/$DEVSTACK_CERT_NAME.pem

# Make sure the CA is set up

configure_CA

fix_system_ca_bundle_path

init_CA

# Create the server cert

make_cert $INT_CA_DIR $DEVSTACK_CERT_NAME $DEVSTACK_HOSTNAME

# Create a cert bundle

cat $INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key \

$INT_CA_DIR/$DEVSTACK_CERT_NAME.crt $INT_CA_DIR/cacert.pem >$DEVSTACK_CERT

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

FilesExpand file tree

make_cert.sh

Latest commit

History

make_cert.sh

File metadata and controls