https://github.com/stevesloka/gen-certs
https://github.com/stevesloka/gen-certs
Last synced: 3 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/stevesloka/gen-certs
- Owner: stevesloka
- Created: 2017-07-13T15:28:46.000Z (almost 8 years ago)
- Default Branch: master
- Last Pushed: 2017-07-14T13:22:34.000Z (almost 8 years ago)
- Last Synced: 2025-01-25T06:12:30.162Z (5 months ago)
- Language: Go
- Size: 6.84 KB
- Stars: 0
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# gen-certs
The goal of this repo is to provide a way to generate certs
# Example
Gen CA:
```
$ cfssl genkey -initca config/ca-csr.json | cfssljson -bare certs/ca
```
Gen Node Cert:
```
$ cfssl gencert \
-ca certs/ca.pem \
-ca-key certs/ca-key.pem \
-config config/ca-config.json \
config/req-csr.json | cfssljson -bare certs/node
```
Convert CA to pkcs12:
```
$ openssl pkcs12 -export -inkey certs/ca-key.pem -in certs/ca.pem -out certs/ca.pkcs12 -password pass:changeit
```
Convert Node to pkcs12:
```
$ openssl pkcs12 -export -inkey certs/node-key.pem -in certs/node.pem -out certs/node.pkcs12 -password pass:changeit
```
Create JKS:
```
$ keytool -importkeystore -srckeystore certs/ca.pkcs12 -srcalias '1' -destkeystore certs/truststore.jks \
-storepass "changeit" -srcstoretype pkcs12 \
-srcstorepass "changeit" -destalias elasticsearch-ca
$ keytool -importkeystore -srckeystore certs/node.pkcs12 -srcalias '1' -destkeystore certs/node-keystore.jks \
-storepass "changeit" -srcstoretype pkcs12 \
-srcstorepass "changeit" -destalias elasticsearch-node
```
# Validate
```
$ openssl x509 -noout -text -in certs/node.pem
```