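#!/bin/bash
#
# Issue TLS server certificates for every Egommerce service, signed by the
# project root CA.
#
# Requires: bash (process substitution), openssl, and an existing root CA at
#   ${CERTS_DIR}ca-root/ca-root.crt and ${CERTS_DIR}ca-root/ca-root.key
# (the command that creates the CA is kept, commented out, further down).
#
# Optional env: OPENSSL_CNF - base OpenSSL config that the [SAN] section is
#   appended to; defaults to /etc/ssl/openssl.cnf.

# Stop at the first failing step instead of signing with missing inputs.
set -euo pipefail

export DEPLOY_DIR="./deploy"
export CERTS_DIR="${DEPLOY_DIR}/certs/"

# The *_CN values are comma-joined name lists placed verbatim in the subject
# CN. They are descriptive only: the names a client can verify come from the
# matching *_SAN value, so the two lists must agree.
export REGISTRY_CN="registry.egommerce.local,api-registry,localhost"
export REGISTRY_SAN="DNS:registry.egommerce.local,DNS:api-registry,DNS:localhost,IP:127.0.0.1"

# Was "api-gatway"; corrected to match the SAN entry and the api-gateway dir.
export GATEWAY_CN="gateway.egommerce.local,api-gateway,localhost"
export GATEWAY_SAN="DNS:gateway.egommerce.local,DNS:api-gateway,DNS:gw.egommerce.local,DNS:localhost,IP:127.0.0.1"

export VAULT_CN="vault.egommerce.local,api-vault,localhost"
export VAULT_SAN="DNS:vault.egommerce.local,DNS:api-vault,DNS:localhost,IP:127.0.0.1"

export EVENTBUS_CN="esb.egommerce.local,api-eventbus,localhost"
export EVENTBUS_SAN="DNS:esb.egommerce.local,DNS:api-eventbus,DNS:localhost,IP:127.0.0.1"

export CACHE_CN="cache.egommerce.local,api-cache,localhost"
export CACHE_SAN="DNS:cache.egommerce.local,DNS:api-cache,DNS:localhost,IP:127.0.0.1"

export LOGGER_CN="logger.egommerce.local,api-logger,localhost"
export LOGGER_SAN="DNS:logger.egommerce.local,DNS:api-logger,DNS:localhost,IP:127.0.0.1"

export PROMETHEUS_CN="prometheus.egommerce.local,api-prometheus,localhost"
export PROMETHEUS_SAN="DNS:prometheus.egommerce.local,DNS:api-prometheus,DNS:localhost,IP:127.0.0.1"

export GRAFANA_CN="grafana.egommerce.local,api-grafana,localhost"
export GRAFANA_SAN="DNS:grafana.egommerce.local,DNS:api-grafana,DNS:localhost,IP:127.0.0.1"

export POSTGRES_CN="postgresdb.egommerce.local,db-postgres,localhost"
# Was "DNS:pstgresdb..."; with that typo the certificate carried no SAN for
# postgresdb.egommerce.local, so hostname verification against it would fail.
export POSTGRES_SAN="DNS:postgresdb.egommerce.local,DNS:db-postgres,DNS:localhost,IP:127.0.0.1"

export MONGO_CN="mongo.db.egommerce.local,db-mongo,localhost"
export MONGO_SAN="DNS:mongo.db.egommerce.local,DNS:db-mongo,DNS:localhost,IP:127.0.0.1"

export IDENTITY_CN="gateway.egommerce.local,identity.egommerce.local"
export IDENTITY_SAN="DNS:gateway.egommerce.local,DNS:identity.egommerce.local,DNS:localhost,IP:127.0.0.1"

# Stray space after the comma removed so the CN matches the other entries.
export CATALOG_CN="gateway.egommerce.local,catalog.egommerce.local"
export CATALOG_SAN="DNS:gateway.egommerce.local,DNS:catalog.egommerce.local,DNS:localhost,IP:127.0.0.1"

export BASKET_CN="gateway.egommerce.local"
export BASKET_SAN="DNS:gateway.egommerce.local,DNS:localhost,IP:127.0.0.1"

export ORDER_CN="gateway.egommerce.local"
export ORDER_SAN="DNS:gateway.egommerce.local,DNS:localhost,IP:127.0.0.1"

export PRICING_CN="gateway.egommerce.local"
export PRICING_SAN="DNS:gateway.egommerce.local,DNS:localhost,IP:127.0.0.1"

OPENSSL_CNF="${OPENSSL_CNF:-/etc/ssl/openssl.cnf}"
CA_CRT="${CERTS_DIR}ca-root/ca-root.crt"
CA_KEY="${CERTS_DIR}ca-root/ca-root.key"
# Serial counter shared by every certificate this CA signs.
CA_SERIAL="${CERTS_DIR}ca-root/ca-root.srl"

# Create required directories
mkdir -p -- \
  "${CERTS_DIR}" \
  "${CERTS_DIR}ca-root" \
  "${CERTS_DIR}api-registry" \
  "${CERTS_DIR}api-gateway" \
  "${CERTS_DIR}api-vault" \
  "${CERTS_DIR}api-eventbus" \
  "${CERTS_DIR}api-cache" \
  "${CERTS_DIR}api-logger" \
  "${CERTS_DIR}api-prometheus" \
  "${CERTS_DIR}api-grafana" \
  "${CERTS_DIR}db-postgres" \
  "${CERTS_DIR}db-mongo" \
  "${CERTS_DIR}identity-svc" \
  "${CERTS_DIR}basket-svc" \
  "${CERTS_DIR}catalog-svc" \
  "${CERTS_DIR}order-svc" \
  "${CERTS_DIR}pricing-svc"

# Generate Root CA cert
# openssl req -newkey rsa:2048 -nodes -x509 -days 1024 \
#   -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/OU=DevOps Team/CN=Egommerce CA" \
#   -keyout ${CERTS_DIR}ca-root/ca-root.key -out ${CERTS_DIR}ca-root/ca-root.crt >/dev/null

# CA generation above is disabled, so signing depends on files that must
# already exist; say so up front rather than failing inside openssl.
for ca_file in "${CA_CRT}" "${CA_KEY}"; do
  if [[ ! -f "${ca_file}" ]]; then
    printf 'missing root CA file: %s\n' "${ca_file}" >&2
    exit 1
  fi
done

#######################################
# Create a private key and CSR for one service, then sign the CSR with the
# root CA, attaching the given subjectAltName extension.
# Globals:   CERTS_DIR, OPENSSL_CNF, CA_CRT, CA_KEY, CA_SERIAL (read)
# Arguments: $1 - service directory and file base name (e.g. api-gateway)
#            $2 - value placed in the subject CN
#            $3 - subjectAltName value (e.g. DNS:host,IP:127.0.0.1)
# Outputs:   writes <name>.key, <name>.csr and <name>.crt under
#            ${CERTS_DIR}<name>/
# Returns:   non-zero if either openssl step fails
#######################################
issue_cert() {
  local name=$1
  local cn=$2
  local san=$3
  local base="${CERTS_DIR}${name}/${name}"

  # NOTE(review): -nodes leaves the private key unencrypted on disk, and this
  # script does not set the file mode itself. Restrict access to CERTS_DIR (or
  # chmod the .key files) to what each service's runtime user actually needs.
  openssl req -newkey rsa:2048 -nodes \
    -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=${cn}" \
    -keyout "${base}.key" \
    -out "${base}.csr" >/dev/null

  # Every certificate used to be signed with "-set_serial 01". Issuer + serial
  # must be unique per certificate (RFC 5280), and some TLS stacks refuse a
  # second certificate that reuses the pair. -CAserial/-CAcreateserial keeps a
  # counter file next to the CA so each signature gets its own serial.
  #
  # The SAN value is passed as a printf argument, not as part of the format
  # string, so '%' or '\' in it cannot be interpreted by printf.
  openssl x509 -req -days 365 \
    -in "${base}.csr" \
    -CA "${CA_CRT}" -CAkey "${CA_KEY}" \
    -CAserial "${CA_SERIAL}" -CAcreateserial \
    -extensions SAN \
    -extfile <(cat -- "${OPENSSL_CNF}" <(printf '\n[SAN]\nsubjectAltName=%s\n' "${san}")) \
    -out "${base}.crt" >/dev/null
}

# Infrastructure services
issue_cert api-registry   "${REGISTRY_CN}"   "${REGISTRY_SAN}"
issue_cert api-gateway    "${GATEWAY_CN}"    "${GATEWAY_SAN}"
issue_cert api-vault      "${VAULT_CN}"      "${VAULT_SAN}"
issue_cert api-eventbus   "${EVENTBUS_CN}"   "${EVENTBUS_SAN}"
issue_cert api-cache      "${CACHE_CN}"      "${CACHE_SAN}"
issue_cert api-logger     "${LOGGER_CN}"     "${LOGGER_SAN}"
issue_cert api-prometheus "${PROMETHEUS_CN}" "${PROMETHEUS_SAN}"
issue_cert api-grafana    "${GRAFANA_CN}"    "${GRAFANA_SAN}"

# Databases
issue_cert db-postgres    "${POSTGRES_CN}"   "${POSTGRES_SAN}"
issue_cert db-mongo       "${MONGO_CN}"      "${MONGO_SAN}"

# Application services
issue_cert identity-svc   "${IDENTITY_CN}"   "${IDENTITY_SAN}"
issue_cert basket-svc     "${BASKET_CN}"     "${BASKET_SAN}"
issue_cert catalog-svc    "${CATALOG_CN}"    "${CATALOG_SAN}"
issue_cert order-svc      "${ORDER_CN}"      "${ORDER_SAN}"
issue_cert pricing-svc    "${PRICING_CN}"    "${PRICING_SAN}"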