| 1 | +#!/bin/bash |
| 2 | + |
| 3 | +CA_KEY="ca.key" |
| 4 | +CA_CERT="ca.crt" |
| 5 | + |
| 6 | +# Output paths for the database and storage certificates and keys |
| 7 | +DATABASE_KEY="../database.key" |
| 8 | +DATABASE_CSR="database.csr" |
| 9 | +DATABASE_CERT="../database.crt" |
| 10 | + |
| 11 | +STORAGE_KEY="../storage.key" |
| 12 | +STORAGE_CSR="storage.csr" |
| 13 | +STORAGE_CERT="../storage.crt" |
| 14 | + |
| 15 | +generate_certificate() { |
| 16 | + local KEY_PATH=$1 |
| 17 | + local CSR_PATH=$2 |
| 18 | + local CERT_PATH=$3 |
| 19 | + local CONFIG_FILE=$4 |
| 20 | + |
| 21 | + openssl req -new -newkey rsa:2048 -nodes -keyout "$KEY_PATH" -out "$CSR_PATH" -config "$CONFIG_FILE" |
| 22 | + openssl x509 -req -in "$CSR_PATH" -CA "$CA_CERT" -CAkey "$CA_KEY" -CAcreateserial -out "$CERT_PATH" -days 5475 -sha256 -extensions req_ext -extfile "$CONFIG_FILE" |
| 23 | +} |
| 24 | + |
| 25 | +# Paths to .cnf files, where we will write certificate settings |
| 26 | +DATABASE_CONFIG="database-csr.cnf" |
| 27 | +STORAGE_CONFIG="storage-csr.cnf" |
| 28 | + |
| 29 | +cat > $DATABASE_CONFIG <<EOF |
| 30 | +[req] |
| 31 | +distinguished_name = req_distinguished_name |
| 32 | +req_extensions = req_ext |
| 33 | +prompt = no |
| 34 | +
|
| 35 | +[req_distinguished_name] |
| 36 | +O = test |
| 37 | +
|
| 38 | +[req_ext] |
| 39 | +subjectAltName = @alt_names |
| 40 | +extendedKeyUsage = serverAuth, clientAuth |
| 41 | +basicConstraints = critical,CA:FALSE |
| 42 | +
|
| 43 | +[alt_names] |
| 44 | +DNS.1 = database-grpc.ydb.svc.cluster.local |
| 45 | +DNS.2 = *.database-interconnect.ydb.svc.cluster.local |
| 46 | +EOF |
| 47 | + |
| 48 | +cat > $STORAGE_CONFIG <<EOF |
| 49 | +[req] |
| 50 | +distinguished_name = req_distinguished_name |
| 51 | +req_extensions = req_ext |
| 52 | +prompt = no |
| 53 | +
|
| 54 | +[req_distinguished_name] |
| 55 | +O = test |
| 56 | +
|
| 57 | +[req_ext] |
| 58 | +subjectAltName = @alt_names |
| 59 | +extendedKeyUsage = serverAuth, clientAuth |
| 60 | +basicConstraints = critical,CA:FALSE |
| 61 | +
|
| 62 | +[alt_names] |
| 63 | +DNS.1 = storage-grpc.ydb.svc.cluster.local |
| 64 | +DNS.2 = *.storage-interconnect.ydb.svc.cluster.local |
| 65 | +EOF |
| 66 | + |
| 67 | +generate_certificate "$DATABASE_KEY" "$DATABASE_CSR" "$DATABASE_CERT" "$DATABASE_CONFIG" |
| 68 | + |
| 69 | +generate_certificate "$STORAGE_KEY" "$STORAGE_CSR" "$STORAGE_CERT" "$STORAGE_CONFIG" |
| 70 | + |
| 71 | +# Clean up |
| 72 | +rm $DATABASE_CSR $STORAGE_CSR $DATABASE_CONFIG $STORAGE_CONFIG |
| 73 | + |
| 74 | +echo "Certificates generated:" |
| 75 | +echo " - $DATABASE_CERT" |
| 76 | +echo " - $STORAGE_CERT" |
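Review bot: generate_certificate never checks the exit status of either openssl call (file lines 21–22) and the script sets no error mode, so a failed `openssl req` or `openssl x509` still falls through to the `rm` at line 72 — deleting the CSR and .cnf that would explain the failure — and the "Certificates generated:" message at line 74 is printed unconditionally. I would add `set -euo pipefail` after the shebang and terminate each openssl line with `|| return 1` so a signing failure stops the script before cleanup and the success message. The `-nodes` key and `-days 5475` (15-year) validity on the leaf certificates are presumably deliberate for this test setup, but a one-line comment stating that on line 22 would save the next reader from assuming it is an oversight. The unquoted expansions at `cat > $DATABASE_CONFIG`, `cat > $STORAGE_CONFIG` and the `rm` line should be quoted like the rest of the script for consistency.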