~damien/infrastructure

1381433ca51b079dfd18027f53ea0358b40350b1 — Damien Radtke 9 months ago 22f2edc
Update subject information for certs
2 files changed, 19 insertions(+), 15 deletions(-)

M scripts/issue-cert.sh
M tools/issue-cert
M scripts/issue-cert.sh => scripts/issue-cert.sh +10 -1
@@ 43,8 43,17 @@ echo "Issuing new certificate for CA: ${CERTIFICATE_AUTHORITY}"
echo "Hostnames: ${HOSTNAMES}"
echo ""

COMMON_NAME="damienradtke.com"
COUNTRY="US"
STATE="Illinois"
CITY="Chicago"

CSR="$(cfssl print-defaults csr \
	| jq --arg common_name "${COMMON_NAME}" --arg country "${COUNTRY}" --arg state "${STATE}" --arg city "${CITY}" \
	'.CN = $common_name | .hosts = [] | .names[0].C = $country | .names[0].L = $state | .names[0].ST = $city')"

pushd "/etc/ssl/${USER}"
	echo '{}' \
	echo "${CSR}" \
		| cfssl gencert -config /etc/ssl/cfssl.json -hostname "${HOSTNAMES}" -label "${CERTIFICATE_AUTHORITY}" - \
		| cfssljson -bare "${CERT_NAME}"
	chmod a-w *.pem
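Review bot: The jq filter assigns the subject fields crosswise: `.names[0].L = $state | .names[0].ST = $city` puts "Illinois" into L (locality) and "Chicago" into ST (state or province), so every certificate issued from this CSR carries a wrong subject DN. The end of the filter should read `.names[0].L = $city | .names[0].ST = $state`. The identical filter is added in the tools/issue-cert section, whose removed heredoc had `"ST": "IL"` and `"L": "Chicago"` the right way round, so the fix applies there too. Anything that matches or pins on the subject (name constraints, audit queries on issued certificates) would see the swapped values. The `pushd` block continues outside the hunk.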

M tools/issue-cert => tools/issue-cert +9 -14
@@ 15,21 15,16 @@ fi
CA="$1"
NAME="$2"

# TODO: this doesn't seem to work if the CA wasn't already given these names?
CSRJSON="$(cat <<EOF
{
	"key": {"algo": "rsa", "size": 2048},
	"CN": "damienradtke.com",
	"names": [{
		"C": "US",
		"ST": "IL",
		"L": "Chicago"
	}]
}
EOF
)"
COMMON_NAME="damienradtke.com"
COUNTRY="US"
STATE="Illinois"
CITY="Chicago"

echo "${CSRJSON}" \
CSR="$(cfssl print-defaults csr \
	| jq --arg common_name "${COMMON_NAME}" --arg country "${COUNTRY}" --arg state "${STATE}" --arg city "${CITY}" \
	'.CN = $common_name | .hosts = [] | .names[0].C = $country | .names[0].L = $state | .names[0].ST = $city')"

echo "${CSR}" \
	| sudo `which cfssl` gencert -config /etc/ssl/cfssl.json -ca "/etc/ssl/${CA}/ca.pem" -ca-key "/etc/ssl/${CA}/ca-key.pem" - \
	| cfssljson -bare "${NAME}"
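Review bot: Removing the heredoc also removes the explicit `"key": {"algo": "rsa", "size": 2048}`, so the key type and size now come from whatever `cfssl print-defaults csr` emits (presumably its ECDSA default). That is a change to the issued key material which the commit title, "Update subject information for certs", does not mention. If RSA 2048 is still intended, pin it in the filter with `| .key = {"algo": "rsa", "size": 2048}`. If the switch is deliberate, record it with a comment above `CSR=`, such as `# key algo/size are taken from cfssl's CSR defaults`. The script continues outside the hunk on both sides.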