diff --git a/README b/README
index ea69688..c33b070 100644
--- a/README
+++ b/README
@@ -1,7 +1,7 @@
-Certificates creation:
-./create_conf.sh
+The file ca.key can only be found in the encrypted archive for secrets.
-Then store the directory conf/ in the encrypted archive for secrets.
+Certificates are created as below and the directory conf is stored in the encrypted archive for secrets:
+./create_conf.sh
 Two docker-compose files are provided: one in host mode and one for regular docker network.
diff --git a/create_conf.sh b/create_conf.sh
index 704c641..b20c5f8 100755
--- a/create_conf.sh
+++ b/create_conf.sh
@@ -13,9 +13,11 @@ openssl x509 -req -days 3650 -CA ca.crt -CAkey ca.key -CAcreateserial -extension
 openssl req -nodes -new -keyout client2.key -out client2.csr -subj "/C=FR/O=scimetis/CN=serveur-appart.scimetis.net" -reqexts usr_cert -config ../openssl.conf
 openssl x509 -req -days 3650 -CA ca.crt -CAkey ca.key -CAcreateserial -extensions usr_cert -extfile ../openssl.conf -in client2.csr -out client2.crt
-NAME=modane
-openssl req -nodes -new -keyout ${NAME}.key -out ${NAME}.csr -subj "/C=FR/O=scimetis/CN=${NAME}.scimetis.net" -reqexts usr_cert -config ../openssl.conf
-openssl x509 -req -days 3650 -CA ca.crt -CAkey ca.key -CAcreateserial -extensions usr_cert -extfile ../openssl.conf -in ${NAME}.csr -out ${NAME}.crt
+for NAME in modane Y10
+do
+ openssl req -nodes -new -keyout ${NAME}.key -out ${NAME}.csr -subj "/C=FR/O=scimetis/CN=${NAME}.scimetis.net" -reqexts usr_cert -config ../openssl.conf
+ openssl x509 -req -days 3650 -CA ca.crt -CAkey ca.key -CAcreateserial -extensions usr_cert -extfile ../openssl.conf -in ${NAME}.csr -out ${NAME}.crt
+done
 chcon -R -u system_u -r object_r -t svirt_sandbox_file_t ./
 mkdir keys
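Review bot: Inside the new `for NAME in modane Y10` loop neither `openssl` call is checked, so if `openssl req` fails, or `ca.key` has not been restored from the encrypted archive, the loop carries on and the following `chcon` and `mkdir keys` still run on missing or partial output. Unless the part of the script above this hunk already sets `set -e` (not visible here), I would add `[ -f ca.key ] || { echo "ca.key not found" >&2; exit 1; }` before the loop and end each `openssl` line with `|| exit 1`. The expansions should also be quoted (`"${NAME}.key"`, `"${NAME}.csr"`, `"${NAME}.crt"`) so that a name added to the list later cannot split or glob the arguments. Because `-nodes` writes each `${NAME}.key` unencrypted, a `umask 077` before the loop is a cheap safeguard against the new keys being created group- or world-readable.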