vendor/github.com/coreos/etcd/integration/fixtures-expired/gencerts.sh - cloudstack-kubernetes-provider - Git at Google

 #!/usr/bin/env bash
 set -e

 if ! [[ "$0" =~ "./gencerts.sh" ]]; then
 	echo "must be run from 'fixtures-expired'"
 	exit 255
 fi

 if which cfssl >/dev/null; then
     echo "cfssl is installed; generating certs"
 else
     echo "cfssl is not installed; exiting"
     exit 255
 fi

 cat > ./etcd-root-ca-csr.json <<EOF
 {
   "key": {
     "algo": "rsa",
     "size": 4096
   },
   "names": [
     {
       "O": "etcd",
       "OU": "etcd Security",
       "L": "San Francisco",
       "ST": "California",
       "C": "USA"
     }
   ],
   "CN": "etcd-root-ca",
   "ca": {
     "expiry": "1h"
   }
 }
 EOF

 cfssl gencert --initca=true ./etcd-root-ca-csr.json | cfssljson --bare ./etcd-root-ca

 cat > ./etcd-gencert.json <<EOF
 {
   "signing": {
     "default": {
         "usages": [
           "signing",
           "key encipherment",
           "server auth",
           "client auth"
         ],
         "expiry": "1h"
     }
   }
 }
 EOF

 cat > ./server-ca-csr.json <<EOF
 {
   "key": {
     "algo": "rsa",
     "size": 4096
   },
   "names": [
     {
       "O": "etcd",
       "OU": "etcd Security",
       "L": "San Francisco",
       "ST": "California",
       "C": "USA"
     }
   ],
   "CN": "example.com",
   "hosts": [
     "127.0.0.1",
     "localhost"
   ]
 }
 EOF

 cfssl gencert \
     --ca ./etcd-root-ca.pem \
     --ca-key ./etcd-root-ca-key.pem \
     --config ./etcd-gencert.json \
     ./server-ca-csr.json | cfssljson --bare ./server

 rm ./*.json
 rm ./*.csr

 if which openssl >/dev/null; then
     openssl x509 -in ./etcd-root-ca.pem -text -noout
     openssl x509 -in ./server.pem -text -noout
 fi
	#!/usr/bin/env bash
	set -e

	if ! [[ "$0" =~ "./gencerts.sh" ]]; then
	echo "must be run from 'fixtures-expired'"
	exit 255
	fi

	if which cfssl >/dev/null; then
	echo "cfssl is installed; generating certs"
	else
	echo "cfssl is not installed; exiting"
	exit 255
	fi

	cat > ./etcd-root-ca-csr.json <<EOF
	{
	"key": {
	"algo": "rsa",
	"size": 4096
	},
	"names": [
	{
	"O": "etcd",
	"OU": "etcd Security",
	"L": "San Francisco",
	"ST": "California",
	"C": "USA"
	}
	],
	"CN": "etcd-root-ca",
	"ca": {
	"expiry": "1h"
	}
	}
	EOF

	cfssl gencert --initca=true ./etcd-root-ca-csr.json \| cfssljson --bare ./etcd-root-ca

	cat > ./etcd-gencert.json <<EOF
	{
	"signing": {
	"default": {
	"usages": [
	"signing",
	"key encipherment",
	"server auth",
	"client auth"
	],
	"expiry": "1h"
	}
	}
	}
	EOF

	cat > ./server-ca-csr.json <<EOF
	{
	"key": {
	"algo": "rsa",
	"size": 4096
	},
	"names": [
	{
	"O": "etcd",
	"OU": "etcd Security",
	"L": "San Francisco",
	"ST": "California",
	"C": "USA"
	}
	],
	"CN": "example.com",
	"hosts": [
	"127.0.0.1",
	"localhost"
	]
	}
	EOF

	cfssl gencert \
	--ca ./etcd-root-ca.pem \
	--ca-key ./etcd-root-ca-key.pem \
	--config ./etcd-gencert.json \
	./server-ca-csr.json \| cfssljson --bare ./server

	rm ./*.json
	rm ./*.csr

	if which openssl >/dev/null; then
	openssl x509 -in ./etcd-root-ca.pem -text -noout
	openssl x509 -in ./server.pem -text -noout
	fi