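#!/usr/bin/env bash
# Creates simple self-signed certificates to use with TCP/TLS module
# by default, the script:
# 1) Creates "certs" folder in the current folder
# 2) Starts from node ID 0
#
# Examples usage:
# 1) To create 10 certificates folders with node IDs 0 to 9 in "./certs:
# > ./create_tls_certs.sh 10
#
# 2) To create 15 certificates folders with node IDs 0 to 14 in "/tmp/abc/:
# > ./create_tls_certs.sh 15 /tmp/abc
#
# 3) To create 30 certificates folders with node IDs 5 to 34 in "/tmp/fldkdsZ/:
# > ./create_tls_certs.sh 30 /tmp/fldkdsZ 5
#
# Per node ID N the layout written under the output folder is:
#   N/server/pk.pem      EC (secp384r1) private key
#   N/server/server.cert self-signed cert, CN=node<N>ser
#   N/server/pk.pem.enc  pk.pem encrypted with the fixed KEY/IV below
#   N/client/...         same three files, cert name client.cert, CN=node<N>cli
set -euo pipefail

# Key and IV used to produce the *.pem.enc copies of every private key.
# Both values are fixed in this file and shared by all nodes and roles, so
# the .enc files add no confidentiality over the plaintext pk.pem written
# next to them; everything this script emits is test/self-signed material.
readonly KEY="15ec11a047f630ca00f65c25f0b3bfd89a7054a5b9e2e3cdb6a772a58251b4c2"
readonly IV="38106509f6528ff859c366747aa04f21"

#######################################
# Prints a message to stderr and exits with status 1.
# Arguments: $* - message
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Generates the key, self-signed certificate and encrypted key copy for one
# role (server or client) of one node.
# Globals:   KEY, IV (read)
# Arguments: $1 - node ID (used in OU= and in the CN)
#            $2 - role, "server" or "client"
#            $3 - output directory for this role (created if missing)
# Outputs:   $3/pk.pem, $3/<role>.cert, $3/pk.pem.enc
# Returns:   0 on success; exits 1 via die on any openssl/mkdir failure
#######################################
gen_role_material() {
  local node_id=$1 role=$2 out_dir=$3
  local cn
  case "$role" in
    server) cn="node${node_id}ser" ;;
    client) cn="node${node_id}cli" ;;
    *) die "unknown role: $role" ;;
  esac

  mkdir -p -- "$out_dir" || die "cannot create $out_dir"

  openssl ecparam -name secp384r1 -genkey -noout -out "$out_dir/pk.pem" \
    || die "key generation failed for $out_dir"

  openssl req -new -key "$out_dir/pk.pem" -nodes -days 365 -x509 \
    -subj "/C=NA/ST=NA/L=NA/O=NA/OU=${node_id}/CN=${cn}" \
    -out "$out_dir/${role}.cert" \
    || die "certificate generation failed for $out_dir"

  # No -p here: it would echo the key/IV to the console, and openssl's stderr
  # is left visible so a failure carries its reason instead of being silent.
  openssl enc -base64 -aes-256-cbc -e -in "$out_dir/pk.pem" \
    -K "$KEY" -iv "$IV" -out "$out_dir/pk.pem.enc" \
    || die "private key encryption failed for $out_dir"

  # The plaintext pk.pem is deliberately kept alongside pk.pem.enc.
  # rm -- "$out_dir/pk.pem"
}

#######################################
# Entry point.
# Arguments: $1 - number of replicas (non-negative integer)
#            $2 - output folder (optional, default "certs")
#            $3 - first node ID (optional, default 0)
# Returns:   exits 1 on usage/validation error, 0 otherwise
#######################################
main() {
  if [[ "$#" -eq 0 || -z "${1:-}" ]]; then
    echo "usage: create_tls_certs.sh {num of replicas} {optional - output folder} {optional - start node ID}" >&2
    exit 1
  fi

  local count=$1
  local dir=${2:-certs}
  local start_node_id=${3:-0}

  # Validate up front: both values feed shell arithmetic and directory names.
  [[ "$count" =~ ^[0-9]+$ ]] \
    || die "num of replicas must be a non-negative integer, got: $count"
  [[ "$start_node_id" =~ ^[0-9]+$ ]] \
    || die "start node ID must be a non-negative integer, got: $start_node_id"

  local last_node_id=$((start_node_id + count - 1))
  local i
  for ((i = start_node_id; i <= last_node_id; i++)); do
    echo "processing replica $i/$last_node_id"
    gen_role_material "$i" server "$dir/$i/server"
    gen_role_material "$i" client "$dir/$i/client"
  done
  exit 0
}

main "$@"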