Add more certs generation. Update README.

2021-12-12 01:21:32 +01:00 · 2021-12-12 01:21:32 +01:00 · 132f86d659
commit 132f86d659
parent 57fc9ae7f7
2 changed files with 8 additions and 6 deletions
--- a/6
+++ b/6
@ -1,7 +1,7 @@
-Certificates creation:
-./create_conf.sh
+The file ca.key can only be found in the encrypted archive for secrets.

-Then store the directory conf/ in the encrypted archive for secrets.
+Certificates are created as below and the directory conf is stored in the encrypted archive for secrets:
+./create_conf.sh

 Two docker-compose files are provided: one in host mode and one for regular docker network.

--- a/create_conf.sh
+++ b/create_conf.sh
@ -13,9 +13,11 @@ openssl x509 -req -days 3650 -CA ca.crt -CAkey ca.key -CAcreateserial -extension
 openssl req -nodes -new -keyout client2.key -out client2.csr -subj "/C=FR/O=scimetis/CN=serveur-appart.scimetis.net" -reqexts usr_cert -config ../openssl.conf
 openssl x509 -req -days 3650 -CA ca.crt -CAkey ca.key -CAcreateserial -extensions usr_cert -extfile ../openssl.conf -in client2.csr -out client2.crt

-NAME=modane
-openssl req -nodes -new -keyout ${NAME}.key -out ${NAME}.csr -subj "/C=FR/O=scimetis/CN=${NAME}.scimetis.net" -reqexts usr_cert -config ../openssl.conf
-openssl x509 -req -days 3650 -CA ca.crt -CAkey ca.key -CAcreateserial -extensions usr_cert -extfile ../openssl.conf -in ${NAME}.csr -out ${NAME}.crt
+for NAME in modane Y10
+do
+  openssl req -nodes -new -keyout ${NAME}.key -out ${NAME}.csr -subj "/C=FR/O=scimetis/CN=${NAME}.scimetis.net" -reqexts usr_cert -config ../openssl.conf
+  openssl x509 -req -days 3650 -CA ca.crt -CAkey ca.key -CAcreateserial -extensions usr_cert -extfile ../openssl.conf -in ${NAME}.csr -out ${NAME}.crt
+done

 chcon -R -u system_u -r object_r -t svirt_sandbox_file_t ./
 mkdir keys