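#!/bin/bash
# Issue the internal TLS certificates for the platform's managing services and
# API microservices, signed by the in-repo root CA (ca/internalCA.key/.crt).
#
# Run from the directory that contains deploy/ (the script cd's into
# deploy/certs and every path below is relative to it).
#
# Private keys are deliberately NOT generated here: the genrsa lines are kept
# commented so that re-running the script re-issues certificates without
# rotating the keys. Every service key and the CA key pair must already exist.
#
# One-off bootstrap (run manually, once):
#   openssl genrsa -out ca/internalCA.key 4096
#   openssl req -x509 -new -nodes -key ca/internalCA.key \
#     -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io CA/CN=egommerce.io" \
#     -sha256 -days 3650 -out ca/internalCA.crt
#   openssl genrsa -out <svc-dir>/<name>.key 2048      # per service, see calls below
#
# NOTE(review): the CA private key is read straight from the working tree;
# confirm deploy/certs (at least ca/internalCA.key and the *.key files) is
# excluded from version control.
set -euo pipefail

readonly SUBJECT_PREFIX='/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io'
readonly CA_CRT='ca/internalCA.crt'
readonly CA_KEY='ca/internalCA.key'
readonly CERT_DAYS=365

# Print a diagnostic to stderr and abort.
die() { printf 'make-cert: %s\n' "$*" >&2; exit 1; }

#######################################
# Create a CSR from an existing private key and sign it with the internal CA.
# Globals:   SUBJECT_PREFIX, CA_CRT, CA_KEY, CERT_DAYS (read)
# Arguments:
#   $1 - path to the existing private key (relative to deploy/certs)
#   $2 - CN of the subject
#   $3 - output stem: writes "$3.csr" and "$3.crt"
#   $4 - subjectAltName value, e.g. 'DNS:svc,IP:127.0.0.1'
# Outputs:   "$3.csr" and "$3.crt"; ca/internalCA.srl is created/incremented
# Returns:   exits non-zero (via set -e / die) if the key is missing or
#            openssl fails
#######################################
issue_cert() {
  local key=$1 cn=$2 stem=$3 sans=$4
  [[ -f "$key" ]] || die "private key $key not found; generate it first (see header)"
  openssl req -new -sha256 -key "$key" -subj "${SUBJECT_PREFIX}/CN=${cn}" \
    -out "${stem}.csr"
  # The SAN is supplied through an ad-hoc extfile; -extensions SAN selects its
  # [SAN] section. Without it the certificate would carry no SAN and clients
  # matching on hostname would reject it.
  openssl x509 -req -in "${stem}.csr" -CA "$CA_CRT" -CAkey "$CA_KEY" -CAcreateserial \
    -extensions SAN \
    -extfile <(printf '[SAN]\nsubjectAltName=%s\n' "$sans") \
    -out "${stem}.crt" -days "$CERT_DAYS" -sha256
}

cd deploy/certs || die "cannot cd to deploy/certs (run from the directory containing deploy/)"
mkdir -p ca api-gateway api-registry api-eventbus api-vault
mkdir -p basket-svc catalog-svc identity-svc order-svc pricing-svc
[[ -f "$CA_KEY" && -f "$CA_CRT" ]] || die "CA key pair missing in ca/ (see header for bootstrap)"

# MANAGING SERVICES — each gets an "internal" cert (cluster/service-discovery
# names) and a "local" cert (developer-machine names).
issue_cert api-registry/registry.key api-registry api-registry/registry.internal \
  'DNS:api-registry,DNS:consul.service.ego.io,DNS:consul.service.dc.ego.io,IP:127.0.0.1'
issue_cert api-registry/registry.key api-registry api-registry/registry.local \
  'DNS:api-registry,DNS:registry.egommerce.local,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1'

issue_cert api-gateway/gateway.key api-gateway api-gateway/gateway.internal \
  'DNS:api-gateway,DNS:gateway.service.ego.io,DNS:gateway.service.dc.ego.io,IP:127.0.0.1'
issue_cert api-gateway/gateway.key api-gateway api-gateway/gateway.local \
  'DNS:api-gateway,DNS:gateway.egommerce.local,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1'

issue_cert api-vault/vault.key api-vault api-vault/vault.internal \
  'DNS:api-vault,DNS:vault.service.ego.io,DNS:localhost,IP:127.0.0.1'
issue_cert api-vault/vault.key api-vault api-vault/vault.local \
  'DNS:api-vault,DNS:vault.egommerce.local,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1'

issue_cert api-eventbus/eventbus.key api-eventbus api-eventbus/eventbus.internal \
  'DNS:api-eventbus,DNS:esb.service.ego.io,DNS:localhost,IP:127.0.0.1'
issue_cert api-eventbus/eventbus.key api-eventbus api-eventbus/eventbus.local \
  'DNS:api-eventbus,DNS:eventbus.egommerce.local,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1'

# API MICROSERVICES — one cert each, key/CSR/cert live in <svc>/<svc>.{key,csr,crt}.
issue_cert basket-svc/basket-svc.key basket-svc basket-svc/basket-svc \
  'DNS:basket-svc,DNS:basket.service.ego.io,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1'
issue_cert catalog-svc/catalog-svc.key catalog-svc catalog-svc/catalog-svc \
  'DNS:catalog-svc,DNS:catalog.service.ego.io,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1'
issue_cert identity-svc/identity-svc.key identity-svc identity-svc/identity-svc \
  'DNS:identity-svc,DNS:identity.service.ego.io,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1'
issue_cert order-svc/order-svc.key order-svc order-svc/order-svc \
  'DNS:order-svc,DNS:order.service.ego.io,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1'
issue_cert pricing-svc/pricing-svc.key pricing-svc pricing-svc/pricing-svc \
  'DNS:pricing-svc,DNS:pricing.service.ego.io,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1'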