~damien/infrastructure

ref: 6e780e446771b6c7081908847fa4883f834be2f6 infrastructure/scripts/issue-cert.sh -rwxr-xr-x 1.1 KiB
6e780e44 — Damien Radtke Add nomad-client 1 year, 16 days ago
                                                                                
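#!/usr/bin/env bash
#
# Issue a certificate and private key through cfssl and install both under
# /etc/ssl/<user>/, owned by <user>.
#
# Usage:
#
#   issue-cert.sh --user <user> --ca <ca> --name <cert_name> [--hostnames <hosts>]...
#
# Examples (illustrative values):
#
#   issue-cert.sh --user vault --ca vault --name cli
#   issue-cert.sh --user nomad --ca nomad --name server --hostnames server.global.nomad
#
# Outputs:
#   /etc/ssl/<user>/<cert_name>.pem       certificate
#   /etc/ssl/<user>/<cert_name>-key.pem   private key, mode 0400
#
# Exit status: 1 on an unsupported or incomplete argument, 2 on missing or
# invalid required values; any failing command aborts the run (errexit).
#

set -o errexit
set -o pipefail

# Print a message on stderr and exit with the given status (default 1).
die() {
	printf '%s\n' "$1" >&2
	exit "${2:-1}"
}

# Abort with a readable message when an option is the last word on the
# command line; otherwise `shift 2` would fail silently under errexit.
need_value() {
	(( $2 >= 2 )) || die "missing value for argument: $1"
}

# "localhost" is always part of the hostname list; --hostnames appends to it.
HOSTNAMES="localhost"

# Deliberately NOT the shell's own USER variable: login shells export USER,
# so testing it for emptiness never fails and a forgotten --user would
# silently target the invoking account's directory (often root's).
TARGET_USER=""

while (( $# )); do
	case "$1" in
		-u|--user) need_value "$1" "$#"; TARGET_USER="$2"; shift 2;;
		-c|--ca) need_value "$1" "$#"; CERTIFICATE_AUTHORITY="$2"; shift 2;;
		-n|--name) need_value "$1" "$#"; CERT_NAME="$2"; shift 2;;
		-h|--hostnames) need_value "$1" "$#"; HOSTNAMES="${HOSTNAMES},$2"; shift 2;;
		*) die "unsupported argument: $1" 1;;
	esac
done

if [[ -z "${TARGET_USER}" || -z "${CERTIFICATE_AUTHORITY}" || -z "${CERT_NAME}" ]]; then
	die "usage: $0 --user <user> --ca <ca> --name <cert_name>" 2
fi

# Both values become path components below /etc/ssl. Refuse anything that
# could leave that directory or be read as an option by chmod/chown.
for component in "${TARGET_USER}" "${CERT_NAME}"; do
	case "${component}" in
		*/*|-*|.|..) die "invalid name (must be a plain file name): ${component}" 2;;
	esac
done

echo "Issuing new certificate for CA: ${CERTIFICATE_AUTHORITY}"
echo "Hostnames: ${HOSTNAMES}"
echo ""

pushd "/etc/ssl/${TARGET_USER}"
	# An empty JSON request on stdin; cfssl takes the hostnames and the
	# signing label from the command line.
	RESPONSE=$(echo '{}' | cfssl gencert -config /etc/ssl/cfssl.json -hostname "${HOSTNAMES}" -label "${CERTIFICATE_AUTHORITY}" -)

	# --exit-status makes jq fail when the field is null or absent, so a
	# response without a certificate aborts the run instead of leaving the
	# literal text "null" in the .pem file.
	printf '%s\n' "${RESPONSE}" | jq --raw-output --exit-status .cert > "${CERT_NAME}.pem"

	# Create the key file with a restrictive mode from the start. Without
	# the umask the key is readable under the default umask until the
	# chmod below runs; removing any old file (or symlink) first ensures
	# the new mode applies to a freshly created file.
	(
		umask 077
		rm -f -- "${CERT_NAME}-key.pem"
		printf '%s\n' "${RESPONSE}" | jq --raw-output --exit-status .key > "${CERT_NAME}-key.pem"
	)
	chmod 0400 "${CERT_NAME}-key.pem"

	# Still covers every .pem in the directory, as before; the ./ prefix
	# keeps a file name that starts with "-" from being parsed as an option.
	chown -- "${TARGET_USER}:${TARGET_USER}" ./*.pem
popd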