vendor/github.com/coreos/etcd/integration/fixtures/gencerts.sh - cloudstack-kubernetes-provider - Git at Google

 #!/bin/bash

 if ! [[ "$0" =~ "./gencerts.sh" ]]; then
 	echo "must be run from 'fixtures'"
 	exit 255
 fi

 if ! which cfssl; then
 	echo "cfssl is not installed"
 	exit 255
 fi

 cfssl gencert --initca=true ./ca-csr.json | cfssljson --bare ./ca
 mv ca.pem ca.crt
 openssl x509 -in ca.crt -noout -text

 # generate DNS: localhost, IP: 127.0.0.1, CN: example.com certificates
 cfssl gencert \
     --ca ./ca.crt \
     --ca-key ./ca-key.pem \
     --config ./gencert.json \
     ./server-ca-csr.json | cfssljson --bare ./server
 mv server.pem server.crt
 mv server-key.pem server.key.insecure

 # generate DNS: localhost, IP: 127.0.0.1, CN: example2.com certificates
 cfssl gencert \
     --ca ./ca.crt \
     --ca-key ./ca-key.pem \
     --config ./gencert.json \
     ./server-ca-csr2.json | cfssljson --bare ./server2
 mv server2.pem server2.crt
 mv server2-key.pem server2.key.insecure

 # generate revoked certificates and crl
 cfssl gencert --ca ./ca.crt \
     --ca-key ./ca-key.pem \
     --config ./gencert.json \
     ./server-ca-csr.json 2>revoked.stderr | cfssljson --bare ./server-revoked
 mv server-revoked.pem server-revoked.crt
 mv server-revoked-key.pem server-revoked.key.insecure
 grep serial revoked.stderr | awk ' { print $9 } ' >revoke.txt
 cfssl gencrl revoke.txt ca.crt ca-key.pem | base64 --decode >revoke.crl

 # generate wildcard certificates DNS: *.etcd.local
 cfssl gencert \
     --ca ./ca.crt \
     --ca-key ./ca-key.pem \
     --config ./gencert.json \
     ./server-ca-csr-wildcard.json | cfssljson --bare ./server-wildcard
 mv server-wildcard.pem server-wildcard.crt
 mv server-wildcard-key.pem server-wildcard.key.insecure


 rm -f *.csr *.pem *.stderr *.txt
	#!/bin/bash

	if ! [[ "$0" =~ "./gencerts.sh" ]]; then
	echo "must be run from 'fixtures'"
	exit 255
	fi

	if ! which cfssl; then
	echo "cfssl is not installed"
	exit 255
	fi

	cfssl gencert --initca=true ./ca-csr.json \| cfssljson --bare ./ca
	mv ca.pem ca.crt
	openssl x509 -in ca.crt -noout -text

	# generate DNS: localhost, IP: 127.0.0.1, CN: example.com certificates
	cfssl gencert \
	--ca ./ca.crt \
	--ca-key ./ca-key.pem \
	--config ./gencert.json \
	./server-ca-csr.json \| cfssljson --bare ./server
	mv server.pem server.crt
	mv server-key.pem server.key.insecure

	# generate DNS: localhost, IP: 127.0.0.1, CN: example2.com certificates
	cfssl gencert \
	--ca ./ca.crt \
	--ca-key ./ca-key.pem \
	--config ./gencert.json \
	./server-ca-csr2.json \| cfssljson --bare ./server2
	mv server2.pem server2.crt
	mv server2-key.pem server2.key.insecure

	# generate revoked certificates and crl
	cfssl gencert --ca ./ca.crt \
	--ca-key ./ca-key.pem \
	--config ./gencert.json \
	./server-ca-csr.json 2>revoked.stderr \| cfssljson --bare ./server-revoked
	mv server-revoked.pem server-revoked.crt
	mv server-revoked-key.pem server-revoked.key.insecure
	grep serial revoked.stderr \| awk ' { print $9 } ' >revoke.txt
	cfssl gencrl revoke.txt ca.crt ca-key.pem \| base64 --decode >revoke.crl

	# generate wildcard certificates DNS: *.etcd.local
	cfssl gencert \
	--ca ./ca.crt \
	--ca-key ./ca-key.pem \
	--config ./gencert.json \
	./server-ca-csr-wildcard.json \| cfssljson --bare ./server-wildcard
	mv server-wildcard.pem server-wildcard.crt
	mv server-wildcard-key.pem server-wildcard.key.insecure


	rm -f .csr .pem .stderr .txt