Add scripts for generating TLS

bartjkdp · bartjkdp · commit 09e05f3e9e51 · 2024-03-08T16:18:53.000+01:00
diff --git a/.gitignore b/.gitignore
@@ -1,2 +1,4 @@
 bin/
 _dist/
+*.pem
+
diff --git a/ca-config.json b/ca-config.json
@@ -0,0 +1,18 @@
+{
+    "signing": {
+        "default": {
+            "expiry": "8760h"
+        },
+        "profiles": {
+            "server": {
+                "usages": [
+                    "signing",
+                    "key encipherment",
+                    "server auth",
+                    "client auth"
+                ],
+                "expiry": "8760h"
+            }
+        }
+    }
+}
diff --git a/ca-csr.json b/ca-csr.json
@@ -0,0 +1,16 @@
+{
+    "CN": "filter-proxy",
+    "key": {
+        "algo": "ecdsa",
+        "size": 521
+    },
+    "names": [
+        {
+            "C": "NL",
+            "L": "Utrecht",
+            "O": "filter-proxy",
+            "OU": "CA",
+            "ST": "Utrecht"
+        }
+    ]
+}
diff --git a/ca.csr b/ca.csr
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBrzCCARECAQAwbDELMAkGA1UEBhMCTkwxEDAOBgNVBAgTB1V0cmVjaHQxEDAO
+BgNVBAcTB1V0cmVjaHQxFTATBgNVBAoTDGZpbHRlci1wcm94eTELMAkGA1UECxMC
+Q0ExFTATBgNVBAMTDGZpbHRlci1wcm94eTCBmzAQBgcqhkjOPQIBBgUrgQQAIwOB
+hgAEAef39QdoA3I0Xc8pLn2FF2Cc5CfHJT2Rw+a6KYA2QYcpYAdx+R8pS5LWJaP0
+64YX4WpY/njhRYWmnLZrOyNfJSI6Admt1KF1f84LfkZ/dsN3GJMLG7TLWdEr/2ge
+39PfuOSdf+HfCGhV9OLKBTUSjbz1Z5CvYlRdwXk07APV3oxG1vHGoAAwCgYIKoZI
+zj0EAwQDgYsAMIGHAkIBQiNkyrERITdHttNCUuLZbxaXF7S/hpbDmXtU7cCMLGQW
+bTI3yEtsaVUFID1HQZlrwzmvOzcqzUWc8MzF0HlXk0gCQSUDnUSHgowPyjDQBgaa
+QFnkS6CG5fRj/54aQsnV4Xeofaz4+gpvPnSAAX6TuCLCfS4oz27h1iRf8iy8L+/x
+Tv7B
+-----END CERTIFICATE REQUEST-----
diff --git a/generate-tls.sh b/generate-tls.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+cfssl gencert -initca ca-csr.json | cfssljson -bare ca
+
+cfssl gencert \
+  -ca=ca.pem \
+  -ca-key=ca-key.pem \
+  -config=ca-config.json \
+  -profile=server \
+  tls-csr.json | cfssljson -bare tls
diff --git a/tls-csr.json b/tls-csr.json
@@ -0,0 +1,19 @@
+{
+    "CN": "localhost",
+    "hosts": [
+        "localhost"
+    ],
+    "key": {
+        "algo": "rsa",
+        "size": 2048
+    },
+    "names": [
+        {
+            "C": "NL",
+            "L": "Utrecht",
+            "O": "filter-proxy",
+            "OU": "localhost",
+            "ST": "Utrecht"
+        }
+    ]
+}
diff --git a/tls.csr b/tls.csr
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC3DCCAcQCAQAwcDELMAkGA1UEBhMCTkwxEDAOBgNVBAgTB1V0cmVjaHQxEDAO
+BgNVBAcTB1V0cmVjaHQxFTATBgNVBAoTDGZpbHRlci1wcm94eTESMBAGA1UECxMJ
+bG9jYWxob3N0MRIwEAYDVQQDEwlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDN8b7Szo+f8b5U2EymmQzKgGxxGcDuTBnZ92KrkVQRTn0Q
+5ZUKFBZIa+I+zm9acszF8Sz0vXf4DQz1K5tZdY9OjrMaHuTuChF6PIbzoOhmKWxB
+/kKc1mwsyAULviOqu/BaqDj7kdlvJWXPqrA7YhCXimF62wAnTnPoI7IXuk1oOEIL
+Sm6zus/IBDWienBOdapm9LDG7My8h1xFcU8M0T8mDqhV/tgcoxjR+sT9OkoaLTL6
+TJvtr25ANuey+U40iX4ucWTGAvO+82vDgFN6Kbohq9PAzCVbhl57qKelJC13z4x+
+2pKJ9FYJp/+Cqn4wxKXE1RtjmbvGHVAUnGagC/vdAgMBAAGgJzAlBgkqhkiG9w0B
+CQ4xGDAWMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEA
+O7OzflCaTtoDOqeE4zG5Fx3egF2TL1HI0kjVUH8j3QBhWJbzeNPHZloreHrHKPbv
+xKisgT5KmrN81rW510YOs62sdZaf9E+WC4+qPWR4+0+oh/RDJxwznBYf3mbzQ484
+zr2tKsrOTWnSM82N0/rNpOYXLpCJzHyQmzbIfrE9UAd1AUVLNAHUj9PCVfkqCNWK
+8h04+77wpmhSKy8Lninh7Y0hD+7MWh8r9smC3GfblxxYAMpCKiqhEyjkZH+b5R3S
+D+aevNXdV9819DDM8+fjnnzOjy2v1nb8V+gpZklZl6oAP1vd0AqNUfgyc2YBe5+w
+w+ChpBSxl+jJqu86+CMhRg==
+-----END CERTIFICATE REQUEST-----

-Original file line number
+Diff line change
@@ @@ -1,2 +1,4 @@ @@
 bin/
 _dist/
 +*.pem
++