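#!/bin/bash
#
# Re-issue the internal TLS leaf certificates for the platform services and
# sign them with the internal CA kept in deploy/certs/ca.
#
# Run from the repository root: every path below is relative to deploy/certs.
#
# This script does NOT create private keys. It expects the CA key/cert and one
# key per service to exist already. They were created once with the commands
# below (kept here for reference):
#
#   openssl genrsa -out ca/internalCA.key 4096
#   openssl req -x509 -new -nodes -key ca/internalCA.key \
#     -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io CA/CN=egommerce.io" \
#     -sha256 -days 3650 -out ca/internalCA.crt
#   openssl genrsa -out <service-dir>/<name>.key 2048
#
# NOTE(review): ca/internalCA.key signs every certificate below and sits under
# deploy/. Confirm it is excluded from version control and image build
# contexts, and that it is readable only by the operator who runs this script.
#
# NOTE(review): every certificate issued here carries IP:127.0.0.1, and most
# also carry DNS:localhost and DNS:host.docker.internal. Hostname verification
# against those shared names cannot tell one service from another, so clients
# should verify the service-specific name. The [SAN] section also sets no
# basicConstraints / extendedKeyUsage; consider adding them to the profile.
#
# Environment:
#   OPENSSL_CNF  base OpenSSL config to extend (default /etc/ssl/openssl.cnf)

# Stop at the first failed step so a broken signing run cannot go unnoticed
# and leave a mix of fresh and stale certificates behind.
set -euo pipefail

readonly CERT_DIR="deploy/certs"
readonly CA_CERT="ca/internalCA.crt"
readonly CA_KEY="ca/internalCA.key"
readonly OPENSSL_CNF="${OPENSSL_CNF:-/etc/ssl/openssl.cnf}"
readonly SUBJECT_PREFIX="/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io"
readonly LEAF_DAYS=365

# Print an error to stderr and abort.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Abort with a clear message when a required input file is missing/unreadable.
require_file() {
  [[ -r "$1" ]] || die "required file not found or not readable: $1"
}

#######################################
# Create a CSR from an existing key and sign it with the internal CA.
# Arguments:
#   $1 - certificate CN
#   $2 - path to the existing private key
#   $3 - output path without extension (writes <base>.csr and <base>.crt)
#   $4 - subjectAltName value, e.g. "DNS:foo,IP:127.0.0.1"
# Outputs:
#   <base>.csr, <base>.crt; -CAcreateserial creates/updates the CA serial file.
#######################################
issue_cert() {
  local cn=$1 key=$2 out_base=$3 san=$4

  require_file "$key"

  openssl req -new -sha256 -key "$key" \
    -subj "${SUBJECT_PREFIX}/CN=${cn}" \
    -out "${out_base}.csr"

  # The [SAN] section is appended to a copy of the base config on the fly.
  # The leading newline keeps the section header on its own line even when
  # the base config does not end with one.
  openssl x509 -req -in "${out_base}.csr" \
    -CA "$CA_CERT" -CAkey "$CA_KEY" -CAcreateserial \
    -extensions SAN \
    -extfile <(cat "$OPENSSL_CNF" <(printf '\n[SAN]\nsubjectAltName=%s\n' "$san")) \
    -out "${out_base}.crt" -days "$LEAF_DAYS" -sha256
}

#######################################
# Issue the ".internal" and ".local" certificates of a managing service.
# Both are created from the same private key (<base>.key).
# Arguments:
#   $1 - certificate CN
#   $2 - path prefix, e.g. api-gateway/gateway
#   $3 - subjectAltName for the internal certificate
#   $4 - subjectAltName for the local certificate
#######################################
issue_managing_service() {
  local cn=$1 base=$2 internal_san=$3 local_san=$4

  issue_cert "$cn" "${base}.key" "${base}.internal" "$internal_san"
  issue_cert "$cn" "${base}.key" "${base}.local" "$local_san"
}

main() {
  local svc

  # Without this check a failed cd would scatter CSRs/certs over the caller's
  # current directory.
  cd "$CERT_DIR" || die "cannot cd to ${CERT_DIR} (run from the repository root)"

  mkdir -p ca
  mkdir -p api-gateway api-registry api-eventbus api-vault
  mkdir -p basket-svc catalog-svc identity-svc order-svc pricing-svc

  # A failure inside the process substitution that feeds -extfile would not
  # stop the script, so verify the inputs up front.
  require_file "$CA_CERT"
  require_file "$CA_KEY"
  require_file "$OPENSSL_CNF"

  # MANAGING SERVICES
  issue_managing_service "api-registry" "api-registry/registry" \
    "DNS:api-registry,DNS:consul.service.ego.io,DNS:consul.service.dc.ego.io,IP:127.0.0.1" \
    "DNS:api-registry,DNS:registry.egommerce.local,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1"

  issue_managing_service "api-gateway" "api-gateway/gateway" \
    "DNS:api-gateway,DNS:gateway.service.ego.io,DNS:gateway.service.dc.ego.io,IP:127.0.0.1" \
    "DNS:api-gateway,DNS:gateway.egommerce.local,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1"

  issue_managing_service "api-vault" "api-vault/vault" \
    "DNS:api-vault,DNS:vault.service.ego.io,DNS:localhost,IP:127.0.0.1" \
    "DNS:api-vault,DNS:vault.egommerce.local,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1"

  issue_managing_service "api-eventbus" "api-eventbus/eventbus" \
    "DNS:api-eventbus,DNS:esb.service.ego.io,DNS:localhost,IP:127.0.0.1" \
    "DNS:api-eventbus,DNS:eventbus.egommerce.local,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1"

  # API MICROSERVICES: one certificate each, same SAN layout for all of them.
  for svc in basket catalog identity order pricing; do
    issue_cert "${svc}-svc" "${svc}-svc/${svc}-svc.key" "${svc}-svc/${svc}-svc" \
      "DNS:${svc}-svc,DNS:${svc}.service.ego.io,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1"
  done
}

main "$@"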