Merge pull request #2468 from LuckySB/master
Change the expiration period for generated certificates from 10 years to 100 years
commit
50e5f0d28b
3 changed files with 7 additions and 7 deletions
|
@ -65,7 +65,7 @@ if [ -e "$SSLDIR/ca-key.pem" ]; then
|
||||||
cp $SSLDIR/{ca.pem,ca-key.pem} .
|
cp $SSLDIR/{ca.pem,ca-key.pem} .
|
||||||
else
|
else
|
||||||
openssl genrsa -out ca-key.pem 2048 > /dev/null 2>&1
|
openssl genrsa -out ca-key.pem 2048 > /dev/null 2>&1
|
||||||
openssl req -x509 -new -nodes -key ca-key.pem -days 10000 -out ca.pem -subj "/CN=etcd-ca" > /dev/null 2>&1
|
openssl req -x509 -new -nodes -key ca-key.pem -days 36500 -out ca.pem -subj "/CN=etcd-ca" > /dev/null 2>&1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# ETCD member
|
# ETCD member
|
||||||
|
@ -75,12 +75,12 @@ if [ -n "$MASTERS" ]; then
|
||||||
# Member key
|
# Member key
|
||||||
openssl genrsa -out member-${host}-key.pem 2048 > /dev/null 2>&1
|
openssl genrsa -out member-${host}-key.pem 2048 > /dev/null 2>&1
|
||||||
openssl req -new -key member-${host}-key.pem -out member-${host}.csr -subj "/CN=etcd-member-${cn}" -config ${CONFIG} > /dev/null 2>&1
|
openssl req -new -key member-${host}-key.pem -out member-${host}.csr -subj "/CN=etcd-member-${cn}" -config ${CONFIG} > /dev/null 2>&1
|
||||||
openssl x509 -req -in member-${host}.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out member-${host}.pem -days 3650 -extensions ssl_client -extfile ${CONFIG} > /dev/null 2>&1
|
openssl x509 -req -in member-${host}.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out member-${host}.pem -days 36500 -extensions ssl_client -extfile ${CONFIG} > /dev/null 2>&1
|
||||||
|
|
||||||
# Admin key
|
# Admin key
|
||||||
openssl genrsa -out admin-${host}-key.pem 2048 > /dev/null 2>&1
|
openssl genrsa -out admin-${host}-key.pem 2048 > /dev/null 2>&1
|
||||||
openssl req -new -key admin-${host}-key.pem -out admin-${host}.csr -subj "/CN=etcd-admin-${cn}" > /dev/null 2>&1
|
openssl req -new -key admin-${host}-key.pem -out admin-${host}.csr -subj "/CN=etcd-admin-${cn}" > /dev/null 2>&1
|
||||||
openssl x509 -req -in admin-${host}.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out admin-${host}.pem -days 3650 -extensions ssl_client -extfile ${CONFIG} > /dev/null 2>&1
|
openssl x509 -req -in admin-${host}.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out admin-${host}.pem -days 36500 -extensions ssl_client -extfile ${CONFIG} > /dev/null 2>&1
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -90,7 +90,7 @@ if [ -n "$HOSTS" ]; then
|
||||||
cn="${host%%.*}"
|
cn="${host%%.*}"
|
||||||
openssl genrsa -out node-${host}-key.pem 2048 > /dev/null 2>&1
|
openssl genrsa -out node-${host}-key.pem 2048 > /dev/null 2>&1
|
||||||
openssl req -new -key node-${host}-key.pem -out node-${host}.csr -subj "/CN=etcd-node-${cn}" > /dev/null 2>&1
|
openssl req -new -key node-${host}-key.pem -out node-${host}.csr -subj "/CN=etcd-node-${cn}" > /dev/null 2>&1
|
||||||
openssl x509 -req -in node-${host}.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out node-${host}.pem -days 3650 -extensions ssl_client -extfile ${CONFIG} > /dev/null 2>&1
|
openssl x509 -req -in node-${host}.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out node-${host}.pem -days 36500 -extensions ssl_client -extfile ${CONFIG} > /dev/null 2>&1
|
||||||
done
|
done
|
||||||
fi
|
fi
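Review bot: The member, admin and node certificates signed with `-days 36500` in the `$MASTERS` and `$HOSTS` loops are etcd peer/client credentials that now effectively never expire, and nothing in these hunks shows a revocation path, so a leaked key stays usable until the CA itself is replaced. The same applies to the `gen_key_and_cert` signing line and the self-signed certificate in the other two files. When the `[ -e "$SSLDIR/ca-key.pem" ]` branch reuses an existing CA, that CA was presumably issued with the old `-days 10000`, so the new leaf certificates outlive their issuer and chain validation is still bounded by the CA's expiry. I would keep a shorter leaf default and make the period an explicit operator choice through a new variable, e.g. `-days "${CERT_DAYS:-3650}"`, with a comment stating that rotation is the only revocation mechanism here. Both loops start outside the visible hunks.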
|
||||||
|
|
||||||
|
|
|
@ -69,7 +69,7 @@ if [ -e "$SSLDIR/ca-key.pem" ]; then
|
||||||
cp $SSLDIR/{ca.pem,ca-key.pem} .
|
cp $SSLDIR/{ca.pem,ca-key.pem} .
|
||||||
else
|
else
|
||||||
openssl genrsa -out ca-key.pem 2048 > /dev/null 2>&1
|
openssl genrsa -out ca-key.pem 2048 > /dev/null 2>&1
|
||||||
openssl req -x509 -new -nodes -key ca-key.pem -days 10000 -out ca.pem -subj "/CN=kube-ca" > /dev/null 2>&1
|
openssl req -x509 -new -nodes -key ca-key.pem -days 36500 -out ca.pem -subj "/CN=kube-ca" > /dev/null 2>&1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
gen_key_and_cert() {
|
gen_key_and_cert() {
|
||||||
|
@ -77,7 +77,7 @@ gen_key_and_cert() {
|
||||||
local subject=$2
|
local subject=$2
|
||||||
openssl genrsa -out ${name}-key.pem 2048 > /dev/null 2>&1
|
openssl genrsa -out ${name}-key.pem 2048 > /dev/null 2>&1
|
||||||
openssl req -new -key ${name}-key.pem -out ${name}.csr -subj "${subject}" -config ${CONFIG} > /dev/null 2>&1
|
openssl req -new -key ${name}-key.pem -out ${name}.csr -subj "${subject}" -config ${CONFIG} > /dev/null 2>&1
|
||||||
openssl x509 -req -in ${name}.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out ${name}.pem -days 3650 -extensions v3_req -extfile ${CONFIG} > /dev/null 2>&1
|
openssl x509 -req -in ${name}.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out ${name}.pem -days 36500 -extensions v3_req -extfile ${CONFIG} > /dev/null 2>&1
|
||||||
}
|
}
|
||||||
|
|
||||||
# Admins
|
# Admins
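Review bot: In `gen_key_and_cert`, the signing call carrying the new `-days 36500` sends both stdout and stderr to `/dev/null`, so a failed or mis-dated signature is invisible to the caller unless the script runs under `set -e` somewhere outside this hunk. A 100-year `notAfter` falls well past 2038, which older 32-bit OpenSSL builds may not encode correctly, so the result is worth checking right after signing, e.g. `openssl x509 -noout -enddate -in "${name}.pem" || return 1`. Dropping the `2>&1` on the signing line would also let OpenSSL errors reach the log. The start of the function is outside the hunk.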
|
||||||
|
|
|
@ -17,7 +17,7 @@ rm -f $KEY_PATH
|
||||||
rm -f $CERT_PATH
|
rm -f $CERT_PATH
|
||||||
|
|
||||||
openssl genrsa -out $KEY_PATH 2048 >/dev/null 2>&1
|
openssl genrsa -out $KEY_PATH 2048 >/dev/null 2>&1
|
||||||
openssl req -new -x509 -sha256 -days 3650 \
|
openssl req -new -x509 -sha256 -days 36500 \
|
||||||
-key $KEY_PATH \
|
-key $KEY_PATH \
|
||||||
-out $CERT_PATH \
|
-out $CERT_PATH \
|
||||||
-subj "/C=US/ST=CA/L=San Jose/O=CPSG/OU=IT Department/CN=auth-local.cisco.com"
|
-subj "/C=US/ST=CA/L=San Jose/O=CPSG/OU=IT Department/CN=auth-local.cisco.com"
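Review bot: The private key written by `openssl genrsa -out $KEY_PATH` now backs a self-signed certificate valid for 100 years, yet the hunk shows no step restricting who can read that file; depending on the OpenSSL version and the umask in effect it may be group- or world-readable. If nothing later in the script does so, add `chmod 600 "$KEY_PATH"` right after generation, or set `umask 077` before it. The expansions `$KEY_PATH` and `$CERT_PATH` are also unquoted in the `rm -f` and `openssl` calls and should be written as `"$KEY_PATH"` and `"$CERT_PATH"`. The script continues outside the hunk.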
|
||||||
|
|