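#!/bin/bash
#
# Generate a private root CA plus a server and a client certificate for
# mutual TLS, writing the results under loki/cert.
#
# Reads these variables from ./.env (one KEY=VALUE per line):
#   CA_SUBJECT, SERVER_SUBJECT, CLIENT_SUBJECT - X.509 subject strings
#   SERVER_DNS, CLIENT_DNS                     - subjectAltName values
#
# Outputs:
#   ./ca.key                       - CA private key (unencrypted)
#   loki/cert/ca.crt               - self-signed CA certificate
#   loki/cert/{server,client}.key  - leaf private keys (unencrypted)
#   loki/cert/{server,client}.crt  - leaf certificates signed by the CA

# Abort on the first failing command so a failed openssl step can never be
# followed by the "completed successfully" message.
set -euo pipefail

die() {
  printf 'Error: %s\n' "$*" >&2
  exit 1
}

# Load .env
#
# The file is parsed line by line instead of being word-split through
# `export $(...)`: values keep their spaces, nothing in the file is
# glob-expanded or executed, and keys must be valid shell identifiers.
[[ -f .env ]] || die ".env file not found."

while IFS= read -r env_line || [[ -n "$env_line" ]]; do
  env_line="${env_line%$'\r'}" # tolerate CRLF line endings

  # Skip comment lines, blank lines and anything that is not KEY=VALUE.
  if [[ "$env_line" == \#* || -z "${env_line//[[:space:]]/}" || "$env_line" != *=* ]]; then
    continue
  fi

  env_key="${env_line%%=*}"
  env_value="${env_line#*=}"

  [[ "$env_key" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]] ||
    die "invalid variable name in .env: $env_key"

  # Drop one pair of matching surrounding quotes, as .env files commonly use.
  if ((${#env_value} >= 2)) &&
    [[ "$env_value" == \"*\" || "$env_value" == \'*\' ]]; then
    env_value="${env_value:1:${#env_value}-2}"
  fi

  export "$env_key=$env_value"
done <.env

# Fail early, with a clear message, when a required setting is missing.
for required_var in CA_SUBJECT SERVER_SUBJECT SERVER_DNS CLIENT_SUBJECT CLIENT_DNS; do
  [[ -n "${!required_var:-}" ]] || die "$required_var is not set (expected in .env)"
done

CERT_DIR="loki/cert"
mkdir -p "$CERT_DIR"

# Remove intermediate files (CSRs and the serial file) on every exit path,
# including failures. -CAcreateserial names the serial file after the CA
# certificate, so it is expected next to ca.crt; the working-directory name
# is removed as well in case an OpenSSL build places it there.
cleanup() {
  rm -f ca.csr "$CERT_DIR/server.csr" "$CERT_DIR/client.csr" \
    ca.srl "$CERT_DIR/ca.srl"
}
trap cleanup EXIT

# Root CA certificate
#
# -nodes writes ca.key unencrypted, so it is created under a restrictive
# umask: only the invoking user can read it. Anyone holding ca.key can mint
# certificates this deployment will trust; move it to offline or otherwise
# restricted storage once the leaf certificates are issued.
(
  umask 077
  openssl req -newkey rsa:4096 -nodes -keyout ca.key -subj "$CA_SUBJECT" -out ca.csr
)

# Mark the certificate explicitly as a CA. Without basicConstraints some
# TLS stacks refuse to treat a self-signed certificate as a signing
# authority.
openssl x509 -req -days 3650 -in ca.csr -signkey ca.key \
  -extfile <(printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n') \
  -out "$CERT_DIR/ca.crt"

# Server certificate
#
# NOTE: server.key and client.key are unencrypted (-nodes) and get the
# caller's default file mode, because the consuming service has to read
# them. Restrict access to "$CERT_DIR" to that service account.
openssl req -newkey rsa:4096 -nodes -keyout "$CERT_DIR/server.key" \
  -subj "$SERVER_SUBJECT" -out "$CERT_DIR/server.csr"

# The SAN value is passed as printf data, never as the format string, so a
# '%' or backslash in .env cannot alter the generated extension file.
openssl x509 -req -extfile <(printf 'subjectAltName=%s' "$SERVER_DNS") \
  -days 1365 -in "$CERT_DIR/server.csr" \
  -CA "$CERT_DIR/ca.crt" -CAkey ca.key -CAcreateserial \
  -out "$CERT_DIR/server.crt"

# Client certificate
openssl req -newkey rsa:4096 -nodes -keyout "$CERT_DIR/client.key" \
  -subj "$CLIENT_SUBJECT" -out "$CERT_DIR/client.csr"

openssl x509 -req -extfile <(printf 'subjectAltName=%s' "$CLIENT_DNS") \
  -days 1365 -in "$CERT_DIR/client.csr" \
  -CA "$CERT_DIR/ca.crt" -CAkey ca.key -CAcreateserial \
  -out "$CERT_DIR/client.crt"

# Clean up! (the EXIT trap removes the CSRs and the serial file)

echo "Certificate generation completed successfully. Certificates are stored in the '$CERT_DIR' directory."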