~damien/infrastructure

infrastructure/tools/issue-cert -rwxr-xr-x 744 bytes
b481ba41 — Damien Radtke Suppress cluster env output if non-interactive 6 days ago
                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
#!/usr/bin/env bash
#
# Issue a new certificate using one of the available CAs.
#
# Example:
#
#   $ issue-cert nomad nomad-cli
#

if [[ $# -ne 2 ]]; then
	echo "usage: $0 <ca> <cert-name>"
	exit 1
fi

CA="$1"
NAME="$2"

COMMON_NAME="damienradtke.com"
COUNTRY="US"
STATE="Illinois"
CITY="Chicago"

CSR="$(cfssl print-defaults csr \
	| jq --arg common_name "${COMMON_NAME}" --arg country "${COUNTRY}" --arg state "${STATE}" --arg city "${CITY}" \
	'.CN = $common_name | .hosts = [] | .names[0].C = $country | .names[0].L = $state | .names[0].ST = $city')"

echo "${CSR}" \
	| sudo `which cfssl` gencert -config /etc/ssl/cfssl.json -ca "/etc/ssl/${CA}/ca.pem" -ca-key "/etc/ssl/${CA}/ca-key.pem" - \
	| cfssljson -bare "${NAME}"

chmod a-w *.pem