1 files changed, 29 insertions, 17 deletions

diff --git a/genkeys.sh b/genkeys.sh
index bff69da9..ae493248 100755
--- a/genkeys.sh
+++ b/genkeys.sh
@@ -10,27 +10,39 @@ cd pki
 if [ ! -f garage-ca.key ]; then
     echo "Generating Garage CA keys..."
 	openssl genrsa -out garage-ca.key 4096
-	openssl req -x509 -new -key garage-ca.key -subj "/C=FR/O=Garage" -days 3650 -out garage-ca.crt
+	openssl req -x509 -new -nodes -key garage-ca.key -sha256 -days 3650 -out garage-ca.crt -subj "/C=FR/O=Garage"
 fi
 
-if [ ! -f garage.key ]; then
-    echo "Generating Garage agent keys..."
-	openssl genrsa -out garage.key 4096
-	openssl req -new -sha256 -key garage.key -subj "/C=FR/O=Garage/CN=*" -out garage.csr
+
+if [ ! -f garage.crt ]; then
+	echo "Generating Garage agent keys..."
+	if [ ! -f garage.key ]; then
+		openssl genrsa -out garage.key 4096
+	fi
+	openssl req -new -sha256 -key garage.key -subj "/C=FR/O=Garage/CN=garage" \
+		-out garage.csr
 	openssl req -in garage.csr -noout -text
 	openssl x509 -req -in garage.csr \
-		-CA garage-ca.crt -CAkey garage-ca.key -CAcreateserial \
-		-out garage.crt -days 365 -sha256
-	rm garage.csr
-fi
+		-extensions v3_req \
+		-extfile <(cat <<EOF
+[req]
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+prompt = no
+
+[req_distinguished_name]
+C = FR
+O = Garage
+CN = garage
 
-if [ ! -f garage-client.key ]; then
-	echo "Generating Garage client key..."
-	openssl genrsa -out garage-client.key 4096
-	openssl req -new -sha256 -key garage-client.key -subj "/C=FR/O=Garage" -out garage-client.csr
-	openssl req -in garage-client.csr -noout -text
-	openssl x509 -req -in garage-client.csr \
+[v3_req]
+keyUsage = keyEncipherment, dataEncipherment
+extendedKeyUsage = serverAuth, clientAuth
+subjectAltName = @alt_names
+[alt_names]
+DNS.1 = garage
+EOF
+) \
 		-CA garage-ca.crt -CAkey garage-ca.key -CAcreateserial \
-		-out garage-client.crt -days 365 -sha256
-	rm garage-client.csr
+		-out garage.crt -days 365
 fi