Skip to content

Commit 9668988

Browse files
ZPascalZPascal
authored
fix: Adapt the SSL config and settings (#15)
* fix: Adapt the TLS config and settings
1 parent 879d16f commit 9668988

File tree

2 files changed

+14
-28
lines changed

2 files changed

+14
-28
lines changed

scripts/ssl/config/client_loki.conf

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
client_promtail.conf[req]
1+
[req]
22
distinguished_name = req_distinguished_name
33
req_extensions = v3_req
44
default_bits = 4096

scripts/ssl/create-tls-certs.sh

Lines changed: 13 additions & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -19,52 +19,38 @@ openssl req -new -x509 -sha256 -newkey rsa:4096 -nodes -keyout ca_loki.key -out
1919

2020
# Create the Promtail ca
2121
echo "Create the Promtail ca"
22-
openssl req -new -x509 -sha256 -newkey rsa:4096 -nodes -keyout ca_promtail.key -out ca_promtail.crt -days 3650 \
23-
-extensions ext \
24-
-config $path/ca_promtail.conf
22+
openssl req -new -x509 -sha256 -newkey rsa:4096 -nodes -keyout ca_promtail.key -out ca_promtail.crt -days 3650 -extensions ext -config $path/ca_promtail.conf
2523

2624
# Create the server certificates
2725
echo "Create the Loki server certificates"
2826
openssl genrsa -out loki.key 4096
29-
openssl req -new -key loki.key -out loki.csr \
30-
-extensions v3_req \
31-
-config $path/server_loki.conf
32-
openssl x509 -inform der -req -days 1825 -in loki.csr -CA ca_loki.crt -CAkey ca_loki.key -CAcreateserial -out loki.pem -extensions v3_req -extfile $path/server_loki.conf
27+
openssl req -new -key loki.key -out loki.csr -extensions v3_req -config $path/server_loki.conf
28+
openssl x509 -inform pem -req -days 1825 -in loki.csr -CA ca_loki.crt -CAkey ca_loki.key -CAcreateserial -out loki.pem -extensions v3_req -extfile $path/server_loki.conf
3329

3430
# Create the Promtail certificates
3531
echo "Create the Promtail server certificates"
3632
openssl genrsa -out promtail.key 4096
37-
openssl req -new -key promtail.key -out promtail.csr \
38-
-extensions v3_req \
39-
-config $path/server_promtail.conf
40-
openssl x509 -inform der -req -days 1825 -in promtail.csr -CA ca_promtail.crt -CAkey ca_promtail.key -CAcreateserial -out promtail.pem -extensions v3_req -extfile $path/server_promtail.conf
33+
openssl req -new -key promtail.key -out promtail.csr -extensions v3_req -config $path/server_promtail.conf
34+
openssl x509 -inform pem -req -days 1825 -in promtail.csr -CA ca_promtail.crt -CAkey ca_promtail.key -CAcreateserial -out promtail.pem -extensions v3_req -extfile $path/server_promtail.conf
4135

4236
# Create the Syslog certificates
4337
echo "Create the Syslog server certificates"
4438
openssl genrsa -out syslog.key 4096
45-
openssl req -new -key syslog.key -out syslog.csr \
46-
-extensions v3_req \
47-
-config $path/server_syslog.conf
48-
openssl x509 -inform der -req -days 1825 -in syslog.csr -CA ca_syslog.crt -CAkey ca_syslog.key -CAcreateserial -out syslog.pem -extensions v3_req -extfile $path/server_syslog.conf
39+
openssl req -new -key syslog.key -out syslog.csr -extensions v3_req -config $path/server_syslog.conf
40+
openssl x509 -inform pem -req -days 1825 -in syslog.csr -CA ca_syslog.crt -CAkey ca_syslog.key -CAcreateserial -out syslog.pem -extensions v3_req -extfile $path/server_syslog.conf
4941

5042
# Create the client certificates
5143
echo "Create the Grafana client certificates"
5244
openssl genrsa -out grafana_client.key 4096
53-
openssl req -new -key grafana_client.key -out grafana_client.csr \
54-
-extensions v3_req \
55-
-config $path/client_loki.conf
56-
openssl x509 -req -days 1825 -in grafana_client.csr -CA ca_loki.crt -CAkey ca_loki.key -CAcreateserial -out grafana_client.crt -extensions v3_req -extfile $path/client_loki.conf
45+
openssl req -new -key grafana_client.key -out grafana_client.csr -extensions v3_req -config $path/client_loki.conf
46+
openssl x509 -inform pem -req -days 1825 -in grafana_client.csr -CA ca_loki.crt -CAkey ca_loki.key -CAcreateserial -out grafana_client.pem -extensions v3_req -extfile $path/client_loki.conf
5747

5848
echo "Create the Loki client certificates"
5949
openssl genrsa -out loki_client.key 4096
60-
openssl req -new -key loki_client.key -out loki_client.csr \
61-
-extensions v3_req \
62-
-config $path/client_promtail.conf
63-
openssl x509 -req -days 1825 -in loki_client.csr -CA ca_promtail.crt -CAkey ca_promtail.key -CAcreateserial -out loki_client.crt -extensions v3_req -extfile $path/client_promtail.conf
50+
openssl req -new -key loki_client.key -out loki_client.csr -extensions v3_req -config $path/client_promtail.conf
51+
openssl x509 -inform pem -req -days 1825 -in loki_client.csr -CA ca_promtail.crt -CAkey ca_promtail.key -CAcreateserial -out loki_client.pem -extensions v3_req -extfile $path/client_promtail.conf
6452

6553
echo "Create the UPS client certificates"
6654
openssl genrsa -out ups_client.key 4096
67-
openssl req -new -key ups_client.key -out ups_client.csr \
68-
-extensions v3_req \
69-
-config $path/client_syslog.conf
70-
openssl x509 -req -days 1825 -in ups_client.csr -CA ca_syslog.crt -CAkey ca_syslog.key -CAcreateserial -out ups_client.crt -extensions v3_req -extfile $path/client_syslog.conf
55+
openssl req -new -key ups_client.key -out ups_client.csr -extensions v3_req -config $path/client_syslog.conf
56+
openssl x509 -inform pem -req -days 1825 -in ups_client.csr -CA ca_syslog.crt -CAkey ca_syslog.key -CAcreateserial -out ups_client.pem -extensions v3_req -extfile $path/client_syslog.conf

0 commit comments

Comments
 (0)