75b02dff3d
* op-signer: add to this repo * circleci: add op-signer jobs/workflows * ops: update tag service to include op-signer * readme: add op-signer one sentence description * ci: add op-signer option to github action * ops: add op-signer min version
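#!/usr/bin/env bash
#
# Generates mTLS credentials for local development under <script dir>/tls:
#   ca.crt / ca.key    self-signed root CA (created once, then reused)
#   tls.key / tls.crt  leaf key and certificate for "localhost", signed by the CA
#   tls.csr            intermediate signing request, left in place
#
# Both private keys are written unencrypted (-nodes, and genrsa without a
# cipher). Keep the tls/ directory out of version control and do not trust
# this CA anywhere other than a development machine.

set -euo pipefail

SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
TLS_DIR=$SCRIPT_DIR/tls

# Refuse to run on any openssl other than the two release lines named in the
# message below.
version=$(openssl version)

if [[ "$version" != "LibreSSL"* ]] && [[ "$version" != "OpenSSL 1.1"* ]]; then
  echo "openssl version: $version" >&2
  echo "script only works with LibreSSL (darwin) or OpenSSL 1.1*" >&2
  exit 1
fi

echo "Generating mTLS credentials for local development..."
echo ""

mkdir -p "$TLS_DIR"

# The CA is created only when ca.crt is absent and is valid for 365 days; it is
# not regenerated on later runs, so delete ca.crt and ca.key to rotate it.
if [[ ! -f "$TLS_DIR/ca.crt" ]]; then
  echo 'Generating CA'
  openssl req -newkey rsa:2048 \
    -new -nodes -x509 \
    -days 365 \
    -sha256 \
    -out "$TLS_DIR/ca.crt" \
    -keyout "$TLS_DIR/ca.key" \
    -subj "/O=OP Labs/CN=root"
  # Not every openssl build is guaranteed to restrict the mode of the key file
  # it writes, so make the CA key owner-only explicitly.
  chmod 600 "$TLS_DIR/ca.key"
elif [[ ! -f "$TLS_DIR/ca.key" ]]; then
  # Signing below needs the CA key; fail here with a clear message instead of
  # letting `openssl x509` fail on the missing file.
  echo "found $TLS_DIR/ca.crt without ca.key; remove ca.crt to regenerate the CA" >&2
  exit 1
fi

echo 'Generating TLS certificate request'
# A fresh leaf key is generated on every run and overwrites the previous one.
openssl genrsa -out "$TLS_DIR/tls.key" 2048
chmod 600 "$TLS_DIR/tls.key"

# No -days or -keyout here: a signing request carries no validity period, and
# the key is supplied with -key, so no new key is generated or written.
# NOTE(review): on OpenSSL 1.1 the request-extension option is -reqexts, not
# -extensions; confirm whether the [san] section has any effect on the CSR.
# The SAN in the issued certificate is set by -extfile in the signing step.
openssl req -new -key "$TLS_DIR/tls.key" \
  -sha256 \
  -out "$TLS_DIR/tls.csr" \
  -subj "/O=OP Labs/CN=localhost" \
  -extensions san \
  -config <(echo '[req]'; echo 'distinguished_name=req'; \
            echo '[san]'; echo 'subjectAltName=DNS:localhost')

# Sign the request with the local CA. The leaf certificate is valid for three
# days, so re-run this script to refresh it.
openssl x509 -req -in "$TLS_DIR/tls.csr" \
  -sha256 \
  -CA "$TLS_DIR/ca.crt" \
  -CAkey "$TLS_DIR/ca.key" \
  -CAcreateserial \
  -out "$TLS_DIR/tls.crt" \
  -days 3 \
  -extfile <(echo 'subjectAltName=DNS:localhost')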