Refactoring

deploy/certs/make-ca.sh

@@ -0,0 +1,36 @@
+# #!/bin/sh
+# # Based on: https://gist.github.com/granella/01ba0944865d99227cf080e97f4b3cb6
+
+# PASSWORD=V3ryS3cr3tP4ssw0rd
+
+# echo "===================================================="
+# echo "Creating fake third-party chain root -> ca"
+# echo "===================================================="
+
+# # generate private keys (for root and ca)
+# keytool -genkeypair -alias root -dname "cn=egommerce.local" -validity 3650 -keyalg RSA -keysize 2048 -ext bc:c -storetype PKCS12 -keystore root.p12 -keypass $PASSWORD -storepass $PASSWORD
+# keytool -genkeypair -alias ca -dname "cn=egommerce.local" -validity 3650 -keyalg RSA -keysize 2048 -ext bc:c -storetype PKCS12 -keystore ca.p12 -keypass $PASSWORD -storepass $PASSWORD
+
+# # generate root certificate
+# keytool -exportcert -rfc -storetype PKCS12 -keystore root.p12 -alias root -storepass $PASSWORD > root.pem
+
+# # generate a certificate for ca signed by root (root -> ca)
+# keytool -storetype PKCS12 -keystore ca.p12 -storepass $PASSWORD -certreq -alias ca \
+# | keytool -storetype PKCS12 -keystore root.p12 -storepass $PASSWORD -gencert -alias root -ext bc=0 -ext san=dns:ca -rfc > ca.pem
+
+# # import ca cert chain into ca.p12
+# keytool -storetype PKCS12 -keystore ca.p12 -storepass $PASSWORD -importcert -trustcacerts -noprompt -alias root -file root.pem
+# keytool -storetype PKCS12 -keystore ca.p12 -storepass $PASSWORD -importcert -alias ca -file ca.pem
+
+
+
+
+
+
+# # openssl req -new -keyout api-registry-ca.key -out api-registry-ca.req
+
+# # openssl x509 -signkey api-registry-ca.key -req -days 3650 -in api-registry-ca.req -out api-registry-ca.crt -extensions v3_ca
+
+# #####
+# #
+# # keytool -alias root -dname "cn=RootCA, ou=Root_CertificateAuthority, o=CertificateAuthority, c=IN" -genkeypair -storepass "V3ryS3cr3tP4ssw0rd" -keyalg RSA