ktimoney | 28fa9fb | 2022-05-30 16:08:27 +0100 | [diff] [blame] | 1 | #!/bin/sh |
| 2 | # |
| 3 | # ============LICENSE_START======================================================= |
ktimoney | df61b02 | 2023-04-04 17:17:35 +0100 | [diff] [blame] | 4 | # Copyright (C) 2022-2023 Nordix Foundation. |
ktimoney | 28fa9fb | 2022-05-30 16:08:27 +0100 | [diff] [blame] | 5 | # ================================================================================ |
| 6 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 7 | # you may not use this file except in compliance with the License. |
| 8 | # You may obtain a copy of the License at |
| 9 | # |
| 10 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 11 | # |
| 12 | # Unless required by applicable law or agreed to in writing, software |
| 13 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 15 | # See the License for the specific language governing permissions and |
| 16 | # limitations under the License. |
| 17 | # |
| 18 | # SPDX-License-Identifier: Apache-2.0 |
| 19 | # ============LICENSE_END========================================================= |
| 20 | # |
| 21 | |
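# Issues a client certificate signed by the local root CA.
#
# Inputs:  rootCA.crt and rootCA.key in the current directory; the key's
#          passphrase must be the value of PW. A running minikube (its IP is
#          added to the subjectAltName).
# Outputs: ${CERTNAME}.key (unencrypted private key), ${CERTNAME}.csr,
#          ${CERTNAME}.crt, ${CERTNAME}.p12, ${CERTNAME}.pem (certificate plus
#          unencrypted key) and ${CERTNAME}_pub.key, all in the current directory.

# Stop at the first failing step instead of carrying on with missing or
# half-written key material.
set -eu

# The private key, the PEM bundle and the passphrase file are written in the
# clear, so nothing this script creates should be readable by other local
# users. This also applies to the public artefacts (.crt, _pub.key); chmod
# those afterwards if another account has to read them.
umask 077

CLIENT_SUBJECT="/C=IE/ST=Dublin/L=Dublin/O=Keycloak/OU=Keycloak/CN=localhost/emailAddress=client@mail.com"
# NOTE(review): hard-coded, well-known passphrase. It unlocks rootCA.key and
# protects the PKCS#12 bundle, so treat every artefact of this script as
# development-only material.
PW=changeit
CERTNAME=client
# NOTE(review): roughly ten years of validity; there is no revocation setup in
# this script, so a leaked key stays usable for that long.
DAYS=3650

if ! IP=$(minikube ip) || [ -z "$IP" ]; then
  echo "minikube ip returned no address; cannot build subjectAltName" >&2
  exit 1
fi

for required in rootCA.crt rootCA.key; do
  if [ ! -r "$required" ]; then
    echo "missing CA input: $required" >&2
    exit 1
  fi
done

# Scratch files live in a private directory that is removed on every exit
# path, so the passphrase never lingers in the working directory if a step
# fails half-way.
WORKDIR=$(mktemp -d)
trap 'rm -rf -- "$WORKDIR"' EXIT
trap 'exit 1' HUP INT TERM
SECRET_FILE="${WORKDIR}/secretfile.txt"
EXT_FILE="${WORKDIR}/x509.ext"

rm -f -- "${CERTNAME}.key" "${CERTNAME}.csr" "${CERTNAME}.crt" \
  "${CERTNAME}.p12" "${CERTNAME}.pem" "${CERTNAME}_pub.key"

printf '%s\n' "$PW" > "$SECRET_FILE"

# NOTE(review): basicConstraints CA:TRUE together with keyCertSign makes this
# "client" certificate a CA in its own right: whoever holds ${CERTNAME}.key can
# sign further certificates that chain up to rootCA. If the certificate is only
# used for client authentication, CA:FALSE without keyCertSign (plus
# extendedKeyUsage = clientAuth) is the least-privilege profile. The extension
# set is left as the author wrote it because the consumers of the certificate
# are not visible from this script.
cat > "$EXT_FILE" <<EOF
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = CA:TRUE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign
subjectAltName = DNS.1:localhost, IP.1:127.0.0.1, DNS.2:minikube, IP.2:${IP}, DNS.3:keycloak.default, DNS.4:keycloak.est.tech, DNS.5:keycloak
issuerAltName = issuer:copy
EOF

# New 4096-bit RSA key and signing request. -nodes leaves the key unencrypted
# on disk (OpenSSL 3.0 deprecates the spelling in favour of -noenc).
openssl req -new -newkey rsa:4096 -nodes -keyout "${CERTNAME}.key" \
  -subj "$CLIENT_SUBJECT" -out "${CERTNAME}.csr"

# Sign the request with the root CA; the CA key passphrase is read from the
# private scratch file rather than from the command line.
openssl x509 -req -CA rootCA.crt -CAkey rootCA.key -in "${CERTNAME}.csr" \
  -passin "file:${SECRET_FILE}" -out "${CERTNAME}.crt" -days "$DAYS" \
  -CAcreateserial -extfile "$EXT_FILE"

# Bundle certificate and key as PKCS#12, protected with PW.
openssl pkcs12 -export -clcerts -in "${CERTNAME}.crt" -inkey "${CERTNAME}.key" \
  -passout "file:${SECRET_FILE}" -out "${CERTNAME}.p12"

# Unpack the bundle to a single PEM file. The import passphrase comes from the
# scratch file instead of "pass:<value>", which would expose it in the process
# list. No -passout is given: with -nodes the output key is not encrypted, and
# naming the same file for both -passin and -passout would make openssl look
# for the output passphrase on a second line that does not exist.
openssl pkcs12 -in "${CERTNAME}.p12" -passin "file:${SECRET_FILE}" \
  -out "${CERTNAME}.pem" -clcerts -nodes

# Export the public half of the key pair.
openssl rsa -in "${CERTNAME}.key" -outform PEM -pubout -out "${CERTNAME}_pub.key"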