tools/TLS/tls_key_generate.sh - skywalking - Git at Google

 #
 # Licensed to the Apache Software Foundation (ASF) under one or more
 # contributor license agreements.  See the NOTICE file distributed with
 # this work for additional information regarding copyright ownership.
 # The ASF licenses this file to You under the Apache License, Version 2.0
 # (the "License"); you may not use this file except in compliance with
 # the License.  You may obtain a copy of the License at
 #
 #    http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #

 # Changes these CN's to match your hosts in your environment if needed.
 SERVER_CN=${SERVER_CN:-localhost}
 CLIENT_CN=${CLIENT_CN:-localhost} # Used when doing mutual TLS

 echo Generate CA key:
 openssl genrsa -passout pass:1111 -des3 -out ca.key 4096
 echo Generate CA certificate:
 # Generates ca.crt which is the trustCertCollectionFile
 openssl req -passin pass:1111 -new -x509 -days 365 -key ca.key -out ca.crt -subj "/CN=${SERVER_CN}"
 echo Generate server key:
 openssl genrsa -passout pass:1111 -des3 -out server.key 4096
 echo Generate server signing request:
 openssl req -passin pass:1111 -new -key server.key -out server.csr -subj "/CN=${SERVER_CN}"
 echo Self-signed server certificate:
 # Generates server.crt which is the certChainFile for the server
 openssl x509 -req -passin pass:1111 -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
 echo Remove passphrase from server key:
 openssl rsa -passin pass:1111 -in server.key -out server.key
 echo Generate client key
 openssl genrsa -passout pass:1111 -des3 -out client.key 4096
 echo Generate client signing request:
 openssl req -passin pass:1111 -new -key client.key -out client.csr -subj "/CN=${CLIENT_CN}"
 echo Self-signed client certificate:
 # Generates client.crt which is the clientCertChainFile for the client (need for mutual TLS only)
 openssl x509 -passin pass:1111 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt
 echo Remove passphrase from client key:
 openssl rsa -passin pass:1111 -in client.key -out client.key
 echo Converting the private keys to X.509:
 # Generates client.pem which is the clientPrivateKeyFile for the Client (needed for mutual TLS only)
 openssl pkcs8 -topk8 -nocrypt -in client.key -out client.pem
 # Generates server.pem which is the privateKeyFile for the Server
 openssl pkcs8 -topk8 -nocrypt -in server.key -out server.pem
	#
	# Licensed to the Apache Software Foundation (ASF) under one or more
	# contributor license agreements. See the NOTICE file distributed with
	# this work for additional information regarding copyright ownership.
	# The ASF licenses this file to You under the Apache License, Version 2.0
	# (the "License"); you may not use this file except in compliance with
	# the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.
	#

	# Changes these CN's to match your hosts in your environment if needed.
	SERVER_CN=${SERVER_CN:-localhost}
	CLIENT_CN=${CLIENT_CN:-localhost} # Used when doing mutual TLS

	echo Generate CA key:
	openssl genrsa -passout pass:1111 -des3 -out ca.key 4096
	echo Generate CA certificate:
	# Generates ca.crt which is the trustCertCollectionFile
	openssl req -passin pass:1111 -new -x509 -days 365 -key ca.key -out ca.crt -subj "/CN=${SERVER_CN}"
	echo Generate server key:
	openssl genrsa -passout pass:1111 -des3 -out server.key 4096
	echo Generate server signing request:
	openssl req -passin pass:1111 -new -key server.key -out server.csr -subj "/CN=${SERVER_CN}"
	echo Self-signed server certificate:
	# Generates server.crt which is the certChainFile for the server
	openssl x509 -req -passin pass:1111 -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
	echo Remove passphrase from server key:
	openssl rsa -passin pass:1111 -in server.key -out server.key
	echo Generate client key
	openssl genrsa -passout pass:1111 -des3 -out client.key 4096
	echo Generate client signing request:
	openssl req -passin pass:1111 -new -key client.key -out client.csr -subj "/CN=${CLIENT_CN}"
	echo Self-signed client certificate:
	# Generates client.crt which is the clientCertChainFile for the client (need for mutual TLS only)
	openssl x509 -passin pass:1111 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt
	echo Remove passphrase from client key:
	openssl rsa -passin pass:1111 -in client.key -out client.key
	echo Converting the private keys to X.509:
	# Generates client.pem which is the clientPrivateKeyFile for the Client (needed for mutual TLS only)
	openssl pkcs8 -topk8 -nocrypt -in client.key -out client.pem
	# Generates server.pem which is the privateKeyFile for the Server
	openssl pkcs8 -topk8 -nocrypt -in server.key -out server.pem