NotoriousBIT · May 2, 2022 14:37
diff --git a/genCerts.sh b/genCerts.sh
 #! /bin/sh
 # https://docs.docker.com/engine/security/protect-access/
 echo "# Start"

 HOST="cybus.io"
 HOSTS="DNS:$HOST,IP:127.0.0.1,IP:172.16.0.10"

 echo
 echo "# Generate CA private and public keys"
 openssl genrsa -out ca-key.pem 4096
 openssl req -new -x509 -days 18250 -key ca-key.pem -sha256 -out ca.pem -subj "/CN=$HOST"

 echo
 echo "Create a server key"
 openssl genrsa -out server-key.pem 4096

 echo
 echo "Create certificate signing request"
 openssl req -subj "/CN=$HOST" -sha256 -new -key server-key.pem -out server.csr

 echo
 echo "Sign the public key with CA"
 echo subjectAltName = $HOSTS > extfile.cnf
 #Set the Docker daemon key’s extended usage attributes to be used only for server authentication
 echo extendedKeyUsage = serverAuth >> extfile.cnf
 openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \
  -CAcreateserial -out server-cert.pem -extfile extfile.cnf

 echo
 echo "Create a client key and certificate signing request"
 openssl genrsa -out key.pem 4096
 openssl req -subj '/CN=client' -new -key key.pem -out client.csr

 echo
 echo "Make the key suitable for client authentication"
 echo extendedKeyUsage = clientAuth > extfile-client.cnf

 echo
 echo "Generate the signed certificate"
 openssl x509 -req -days 18250 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem \
  -CAcreateserial -out cert.pem -extfile extfile-client.cnf

 echo
 echo "Remove the two certificate signing requests and extensions config"
 rm -v client.csr server.csr extfile.cnf extfile-client.cnf

 # echo
 # echo "Protect keys & certs from accidental damage"
 # chmod -v 0400 ca-key.pem key.pem server-key.pem
 # chmod -v 0444 ca.pem server-cert.pem cert.pem
	#! /bin/sh
	# https://docs.docker.com/engine/security/protect-access/
	echo "# Start"

	HOST="cybus.io"
	HOSTS="DNS:$HOST,IP:127.0.0.1,IP:172.16.0.10"

	echo
	echo "# Generate CA private and public keys"
	openssl genrsa -out ca-key.pem 4096
	openssl req -new -x509 -days 18250 -key ca-key.pem -sha256 -out ca.pem -subj "/CN=$HOST"

	echo
	echo "Create a server key"
	openssl genrsa -out server-key.pem 4096

	echo
	echo "Create certificate signing request"
	openssl req -subj "/CN=$HOST" -sha256 -new -key server-key.pem -out server.csr

	echo
	echo "Sign the public key with CA"
	echo subjectAltName = $HOSTS > extfile.cnf
	#Set the Docker daemon key’s extended usage attributes to be used only for server authentication
	echo extendedKeyUsage = serverAuth >> extfile.cnf
	openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \
	-CAcreateserial -out server-cert.pem -extfile extfile.cnf

	echo
	echo "Create a client key and certificate signing request"
	openssl genrsa -out key.pem 4096
	openssl req -subj '/CN=client' -new -key key.pem -out client.csr

	echo
	echo "Make the key suitable for client authentication"
	echo extendedKeyUsage = clientAuth > extfile-client.cnf

	echo
	echo "Generate the signed certificate"
	openssl x509 -req -days 18250 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem \
	-CAcreateserial -out cert.pem -extfile extfile-client.cnf

	echo
	echo "Remove the two certificate signing requests and extensions config"
	rm -v client.csr server.csr extfile.cnf extfile-client.cnf

	# echo
	# echo "Protect keys & certs from accidental damage"
	# chmod -v 0400 ca-key.pem key.pem server-key.pem
	# chmod -v 0444 ca.pem server-cert.pem cert.pem
No results found