egommerce/stack
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
6848b55101
stack/deploy/make-cert.sh
Piotr Biernat 6848b55101 Update & Refactor
2024-12-24 14:29:04 +01:00

157 lines
8.3 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
cd deploy/certs
mkdir -p ca
mkdir -p api-gateway api-registry api-gateway api-eventbus api-vault
mkdir -p basket-svc catalog-svc identity-svc order-svc pricing-svc
# # Generate ROOT Key
# openssl genrsa -out ca/internalCA.key 4096
# # Generate ROOT Cert
# openssl req -x509 -new -nodes -key ca/internalCA.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io CA/CN=egommerce.io" \
# -sha256 -days 3650 -out ca/internalCA.crt
# # MANAGING SERVICES
# # Generate Key for API-REGISTRY
# openssl genrsa -out api-registry/registry.key 2048
# # Generate Cert for API-REGISTRY
openssl req -new -sha256 -key api-registry/registry.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-registry" \
-out api-registry/registry.internal.csr
openssl req -new -sha256 -key api-registry/registry.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-registry" \
-out api-registry/registry.local.csr
openssl x509 -req -in api-registry/registry.internal.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
-extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-registry,DNS:consul.service.ego.io,DNS:consul.service.dc.ego.io,IP:127.0.0.1')) \
-out api-registry/registry.internal.crt -days 365 -sha256
openssl x509 -req -in api-registry/registry.local.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
-extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-registry,DNS:registry.egommerce.local,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \
-out api-registry/registry.local.crt -days 365 -sha256
# # Generate Key for API-GATEWAY
# openssl genrsa -out api-gateway/gateway.key 2048
# # Generate Cert for API-GATEWAY
openssl req -new -sha256 -key api-gateway/gateway.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-gateway" \
-out api-gateway/gateway.internal.csr
openssl req -new -sha256 -key api-gateway/gateway.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-gateway" \
-out api-gateway/gateway.local.csr
openssl x509 -req -in api-gateway/gateway.internal.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
-extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-gateway,DNS:gateway.service.ego.io,DNS:gateway.service.dc.ego.io,IP:127.0.0.1')) \
-out api-gateway/gateway.internal.crt -days 365 -sha256
openssl x509 -req -in api-gateway/gateway.local.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
-extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-gateway,DNS:gateway.egommerce.local,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \
-out api-gateway/gateway.local.crt -days 365 -sha256
# Generate Key for API-VAULT
# openssl genrsa -out api-vault/vault.key 2048
# Generate Cert for API-VAULT
openssl req -new -sha256 -key api-vault/vault.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-vault" \
-out api-vault/vault.internal.csr
openssl req -new -sha256 -key api-vault/vault.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-vault" \
-out api-vault/vault.local.csr
openssl x509 -req -in api-vault/vault.internal.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
-extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-vault,DNS:vault.service.ego.io,DNS:localhost,IP:127.0.0.1')) \
-out api-vault/vault.internal.crt -days 365 -sha256
openssl x509 -req -in api-vault/vault.local.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
-extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-vault,DNS:vault.egommerce.local,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \
-out api-vault/vault.local.crt -days 365 -sha256
# Generate Key for API-EVENTBUS
# openssl genrsa -out api-eventbus/eventbus.key 2048
# Generate Cert for API-EVENTBUS
openssl req -new -sha256 -key api-eventbus/eventbus.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-eventbus" \
-out api-eventbus/eventbus.internal.csr
openssl req -new -sha256 -key api-eventbus/eventbus.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-eventbus" \
-out api-eventbus/eventbus.local.csr
openssl x509 -req -in api-eventbus/eventbus.internal.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
-extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-eventbus,DNS:esb.service.ego.io,DNS:localhost,IP:127.0.0.1')) \
-out api-eventbus/eventbus.internal.crt -days 365 -sha256
openssl x509 -req -in api-eventbus/eventbus.local.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
-extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-eventbus,DNS:eventbus.egommerce.local,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \
-out api-eventbus/eventbus.local.crt -days 365 -sha256
# API MICROSERVICES
# Generate Key for domain (service) - BASKET-SVC
# openssl genrsa -out basket-svc/basket-svc.key 2048
# Generate Cert for domain (service) - BASKET-SVC
openssl req -new -sha256 -key basket-svc/basket-svc.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=basket-svc" \
-out basket-svc/basket-svc.csr
openssl x509 -req -in basket-svc/basket-svc.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
-extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:basket-svc,DNS:basket.service.ego.io,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \
-out basket-svc/basket-svc.crt -days 365 -sha256
# Generate Key for domain (service) - CATALOG-SVC
# openssl genrsa -out catalog-svc/catalog-svc.key 2048
# Generate Cert for domain (service) - CATALOG-SVC
openssl req -new -sha256 -key catalog-svc/catalog-svc.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=catalog-svc" \
-out catalog-svc/catalog-svc.csr
openssl x509 -req -in catalog-svc/catalog-svc.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
-extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:catalog-svc,DNS:catalog.service.ego.io,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \
-out catalog-svc/catalog-svc.crt -days 365 -sha256
# Generate Key for domain (service) - IDENTITY-SVC
# openssl genrsa -out identity-svc/identity-svc.key 2048
# Generate Cert for domain (service) - IDENTITY-SVC
openssl req -new -sha256 -key identity-svc/identity-svc.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=identity-svc" \
-out identity-svc/identity-svc.csr
openssl x509 -req -in identity-svc/identity-svc.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
-extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:identity-svc,DNS:identity.service.ego.io,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \
-out identity-svc/identity-svc.crt -days 365 -sha256
# Generate Key for domain (service) - ORDER-SVC
# openssl genrsa -out order-svc/order-svc.key 2048
# Generate Cert for domain (service) - ORDER-SVC
openssl req -new -sha256 -key order-svc/order-svc.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=order-svc" \
-out order-svc/order-svc.csr
openssl x509 -req -in order-svc/order-svc.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
-extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:order-svc,DNS:order.service.ego.io,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \
-out order-svc/order-svc.crt -days 365 -sha256
# Generate Key for domain (service) - PRICING-SVC
# openssl genrsa -out pricing-svc/pricing-svc.key 2048
# Generate Cert for domain (service) - PRICING-SVC
openssl req -new -sha256 -key pricing-svc/pricing-svc.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=pricing-svc" \
-out pricing-svc/pricing-svc.csr
openssl x509 -req -in pricing-svc/pricing-svc.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
-extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:pricing-svc,DNS:pricing.service.ego.io,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \
-out pricing-svc/pricing-svc.crt -days 365 -sha256
Reference in New Issue View Git Blame Copy Permalink