Paul Belanger | 0a21f0a | 2017-06-13 13:14:42 -0400 | [diff] [blame] | 1 | Steps used to create our certs |
| 2 | |
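| 3 | # Generate a self-signed CA cert (valid 3650 days). -nodes writes root-ca.key unencrypted, and that key can sign any cert the peers below will trust, so restrict who can read it. |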
| 4 | $ openssl req -new -newkey rsa:2048 -nodes -keyout root-ca.key -x509 -days 3650 -out root-ca.pem -subj "/C=US/ST=Texas/L=Austin/O=OpenStack Foundation/CN=gearman-ca" |
| 5 | |
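| 6 | # Generate the server key and CSR, then sign the CSR with the CA. server.key is also unencrypted (-nodes). The cert carries only CN=nodepool-server and no subjectAltName, so a client that checks the hostname will not match it against localhost. |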
| 7 | $ CLIENT='server' |
| 8 | $ openssl req -new -newkey rsa:2048 -nodes -keyout $CLIENT.key -out $CLIENT.csr -subj "/C=US/ST=Texas/L=Austin/O=OpenStack Foundation/CN=nodepool-$CLIENT" |
| 9 | $ openssl x509 -req -days 3650 -in $CLIENT.csr -out $CLIENT.pem -CA root-ca.pem -CAkey root-ca.key -CAcreateserial |
| 10 | |
| 11 | |
| 12 | # Generate the client key and CSR, then sign the CSR with the same CA (client.key is unencrypted too) |
| 13 | $ CLIENT='client' |
| 14 | $ openssl req -new -newkey rsa:2048 -nodes -keyout $CLIENT.key -out $CLIENT.csr -subj "/C=US/ST=Texas/L=Austin/O=OpenStack Foundation/CN=gearman-$CLIENT" |
| 15 | $ openssl x509 -req -days 3650 -in $CLIENT.csr -out $CLIENT.pem -CA root-ca.pem -CAkey root-ca.key -CAcreateserial |
| 16 | |
| 17 | |
| 18 | # Test with geard |
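| 19 | # You'll need 2 terminal windows: run geard in the first, then openssl s_client in the second. s_client keeps going after a verification failure by default, so check its output for "Verify return code: 0 (ok)" rather than assuming a completed connection means the chain validated. |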
| 20 | geard --ssl-ca root-ca.pem --ssl-cert server.pem --ssl-key server.key -d |
| 21 | openssl s_client -connect localhost:4730 -key client.key -cert client.pem -CAfile root-ca.pem |