3 # Copyright (c) 2019 AT&T Intellectual Property.
4 # Copyright (c) 2019 Nokia.
6 # Licensed under the Apache License, Version 2.0 (the "License");
7 # you may not use this file except in compliance with the License.
8 # You may obtain a copy of the License at
10 # http://www.apache.org/licenses/LICENSE-2.0
12 # Unless required by applicable law or agreed to in writing, software
13 # distributed under the License is distributed on an "AS IS" BASIS,
14 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 # See the License for the specific language governing permissions and
16 # limitations under the License.
18 dnBase=${CERT_DN:-'/C=US/O=O-RAN Alliance/OU=O-RAN Software Community'}
19 keyBits=${KEY_BITS:-4096}
21 CAHome=${CA_DIR:-'/pki'}
22 CADays=${CA_CERT_EXPIRY:-9125}
23 CAKey=${CAHome}/${CA_KEY_NAME:-ca.key.pem}
24 CACert=${CAHome}/${CA_CERT_NAME:-ca.cert.pem}
26 CertHome=${CERT_DIR:-$CAHome}
28 TillerDays=${TILLER_CERT_EXPIRY:-3650}
29 TillerKey=${CertHome}/${TILLER_KEY_NAME:-tiller.key.pem}
30 TillerCert=${CertHome}/${TILLER_CERT_NAME:-tiller.cert.pem}
31 TillerCN=${TILLER_CN:-tiller}
33 HelmDays=${HELM_CERT_EXPIRY:-3650}
34 HelmKey=${CertHome}/${HELM_KEY_NAME:-helm.key.pem}
35 HelmCert=${CertHome}/${HELM_CERT_NAME:-helm.cert.pem}
36 HelmCN=${HELM_CN:-helm}
39 if [ ! -d ${CAHome} ]; then
42 if [ ! -f ${CAKey} ]; then
43 openssl genrsa -out ${CAKey} ${keyBits}
45 if [ ! -f ${CACert} ]; then
46 openssl req -new -x509 -extensions v3_ca -sha256 -days ${CADays} \
52 # 2. tiller server cert
53 if [ ! -f ${TillerKey} ]; then
54 openssl genrsa -out ${TillerKey} ${keyBits}
56 if [ ! -f ${TillerCert} ]; then
58 openssl req -new -sha256 \
61 -subj "${dnBase}/CN=${TillerCN}"
62 openssl x509 -req -CAcreateserial -days ${TillerDays} \
70 if [ ! -f ${HelmKey} ]; then
71 openssl genrsa -out ${HelmKey} ${keyBits}
73 if [ ! -f ${HelmCert} ]; then
75 openssl req -new -sha256 \
78 -subj "${dnBase}/CN=${HelmCN}"
79 openssl x509 -req -CAcreateserial -days ${HelmDays} \