X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=service-exposure%2Fcerts%2Fclient_certs.sh;h=bad7583c1d1f10d0ae259844130cd3dbb315ac22;hb=2c6c06ebb4e672ffa74690dc2fc35554011d4e28;hp=fbda1ec62f2ae742e68ab01858cd61287e16c3a3;hpb=076d02a9b303b31b58c1700d1d30b3ccdec08bf4;p=nonrtric.git diff --git a/service-exposure/certs/client_certs.sh b/service-exposure/certs/client_certs.sh index fbda1ec6..bad7583c 100755 --- a/service-exposure/certs/client_certs.sh +++ b/service-exposure/certs/client_certs.sh @@ -1,7 +1,7 @@ #!/bin/sh # # ============LICENSE_START======================================================= -# Copyright (C) 2022 Nordix Foundation. +# Copyright (C) 2022-2023 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,14 +19,31 @@ # ============LICENSE_END========================================================= # - CLIENT_SUBJECT="/C=IE/ST=Dublin/L=Dublin/O=Keycloak/OU=Keycloak/CN=localhost/emailAddress=client@mail.com" PW=changeit +CERTNAME=client +IP=$(minikube ip) +DAYS=3650 +rm ${CERTNAME}.key ${CERTNAME}.csr ${CERTNAME}.crt ${CERTNAME}.p12 ${CERTNAME}.pem ${CERTNAME}_pub.key 2>/dev/null echo $PW > secretfile.txt -openssl req -new -newkey rsa:4096 -nodes -keyout client.key -subj "$CLIENT_SUBJECT" -out client.csr +echo "subjectKeyIdentifier = hash" > x509.ext +echo "authorityKeyIdentifier = keyid:always,issuer:always" >> x509.ext +echo "basicConstraints = CA:TRUE" >> x509.ext +echo "keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign" >> x509.ext +echo "subjectAltName = DNS.1:localhost, IP.1:127.0.0.1, DNS.2:minikube, IP.2:${IP}, DNS.3:keycloak.default, DNS.4:keycloak.est.tech, DNS.5:keycloak" >> x509.ext +echo "issuerAltName = issuer:copy" >> x509.ext + +openssl req -new -newkey rsa:4096 -nodes -keyout ${CERTNAME}.key -subj "$CLIENT_SUBJECT" -out ${CERTNAME}.csr + +openssl x509 -req -CA rootCA.crt -CAkey rootCA.key -in ${CERTNAME}.csr -passin file:secretfile.txt -out ${CERTNAME}.crt -days $DAYS -CAcreateserial -extfile x509.ext + + +openssl pkcs12 -export -clcerts -in ${CERTNAME}.crt -inkey ${CERTNAME}.key -passout file:secretfile.txt -out ${CERTNAME}.p12 + +openssl pkcs12 -in ${CERTNAME}.p12 -password pass:$PW -passout file:secretfile.txt -out ${CERTNAME}.pem -clcerts -nodes -openssl x509 -req -CA rootCA.crt -CAkey rootCA.key -in client.csr -passin file:secretfile.txt -out client.crt -days 365 -CAcreateserial +openssl rsa -in ${CERTNAME}.key -outform PEM -pubout -out ${CERTNAME}_pub.key -rm secretfile.txt 2>/dev/null +rm secretfile.txt x509.ext 2>/dev/null