~damien/infrastructure

39fd996bc0dfb8886c7b611d847c18af208c30cf — Damien Radtke 9 months ago 7ea12ce
Add tool for issuing certs from the support server
1 files changed, 20 insertions(+), 0 deletions(-)

A tools/issue-cert
A tools/issue-cert => tools/issue-cert +20 -0
@@ 0,0 1,20 @@
#!/usr/bin/env bash
#
# Issue a new certificate using one of the available CAs.
#
# Example:
#
#   $ issue-cert nomad nomad-cli
#

if [[ $# -ne 2 ]]; then
	echo "usage: $0 <ca> <cert-name>"
	exit 1
fi

CA="$1"
NAME="$2"

RESPONSE=$(echo '{}' | sudo `which cfssl` gencert -config /etc/ssl/cfssl.json -ca "/etc/ssl/${CA}/ca.pem" -ca-key "/etc/ssl/${CA}/ca-key.pem" -)
echo "${RESPONSE}" | jq -r .cert > "${NAME}.pem"; chmod 0444 "${NAME}.pem"
echo "${RESPONSE}" | jq -r .key > "${NAME}-key.pem"; chmod 0400 "${NAME}-key.pem"