authorAlex Auvolat <alex@adnab.me>2021-12-06 13:15:50 +0100
committerAlex Auvolat <alex@adnab.me>2021-12-06 13:15:50 +0100
commitccce75bc25a2827e23443ec65ceb6b409f4a55ae (patch)
tree40c46b1af79c8c8344fa34215fcdfa221a0db6e0 /genkeys.sh
parent7f26ed55cdad4a67300447cf92bf8e4975a5c978 (diff)
Remove TODO and genkeys.sh
Diffstat (limited to 'genkeys.sh')
-rwxr-xr-xgenkeys.sh83
1 files changed, 0 insertions, 83 deletions
diff --git a/genkeys.sh b/genkeys.sh
deleted file mode 100755
index 70fe12e0..00000000
--- a/genkeys.sh
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/bin/bash
-
-set -xe
-
-cd $(dirname $0)
-
-mkdir -p pki
-cd pki
-
-# Create a certificate authority that both the client side and the server side of
-# the RPC protocol will use to authenticate the other side.
-if [ ! -f garage-ca.key ]; then
- echo "Generating Garage CA keys..."
- openssl genpkey -algorithm ED25519 -out garage-ca.key
- openssl req -x509 -new -nodes -key garage-ca.key -sha256 -days 3650 -out garage-ca.crt -subj "/C=FR/O=Garage"
-fi
-
-
-# Generate a certificate that can be used either as a server certificate
-# or a client certificate. This is what the RPC client and server will use
-# to prove that they are authenticated by the CA.
-if [ ! -f garage.crt ]; then
- echo "Generating Garage agent keys..."
- if [ ! -f garage.key ]; then
- openssl genpkey -algorithm ED25519 -out garage.key
- fi
- openssl req -new -sha256 -key garage.key -subj "/C=FR/O=Garage/CN=garage" \
- -out garage.csr
- openssl req -in garage.csr -noout -text
- openssl x509 -req -in garage.csr \
- -extensions v3_req \
- -extfile <(cat <<EOF
-[req]
-distinguished_name = req_distinguished_name
-req_extensions = v3_req
-prompt = no
-
-[req_distinguished_name]
-C = FR
-O = Garage
-CN = garage
-
-[v3_req]
-keyUsage = keyEncipherment, dataEncipherment
-extendedKeyUsage = serverAuth, clientAuth
-subjectAltName = @alt_names
-[alt_names]
-DNS.1 = garage
-EOF
-) \
- -CA garage-ca.crt -CAkey garage-ca.key -CAcreateserial \
- -out garage.crt -days 365
-fi
-
-# Client-only certificate used for the CLI
-if [ ! -f garage-client.crt ]; then
- echo "Generating Garage client keys..."
- if [ ! -f garage-client.key ]; then
- openssl genpkey -algorithm ED25519 -out garage-client.key
- fi
- openssl req -new -sha256 -key garage-client.key -subj "/C=FR/O=Garage" \
- -out garage-client.csr
- openssl req -in garage-client.csr -noout -text
- openssl x509 -req -in garage-client.csr \
- -extensions v3_req \
- -extfile <(cat <<EOF
-[req]
-distinguished_name = req_distinguished_name
-req_extensions = v3_req
-prompt = no
-
-[req_distinguished_name]
-C = FR
-O = Garage
-
-[v3_req]
-keyUsage = keyEncipherment, dataEncipherment
-extendedKeyUsage = clientAuth
-EOF
-) \
- -CA garage-ca.crt -CAkey garage-ca.key -CAcreateserial \
- -out garage-client.crt -days 365
-fi