dragonfly/tools/generate-tls-files.sh


#!/bin/bash
# This script generates locally-signed TLS files for development usage.
# It's probably a good idea to run in an empty, temporary directory.
#
# Example usage:
#
# mkdir /tmp/dfly-tls
# cd /tmp/dfly-tls
# ~/dragonfly/tools/generate-tls-files.sh
# ~/dragonfly/build-dbg/dragonfly \
# --dbfilename= \
# --logtostdout \
# --tls=true \
# --tls_key_file=/tmp/dfly-tls/df-key.pem \
# --tls_cert_file=/tmp/dfly-tls/df-cert.pem \
# --requirepass=XXX
# redis-cli --tls --cacert /tmp/dfly-tls/ca-cert.pem -a XXX
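# Stop at the first failing command so the "You can now run" hint below is
# never printed for a missing or half-written key/certificate set.
set -euo pipefail

# Both private keys are written unencrypted (-nodes). Restrict every file
# created from here on to the current user instead of relying on the openssl
# build or the caller's umask; the usage example runs under a shared /tmp.
umask 077

# Output file names, all relative to the current working directory.
readonly CA_KEY_PATH=ca-key.pem
readonly CA_CERTIFICATE_PATH=ca-cert.pem
readonly CERTIFICATE_REQUEST_PATH=df-req.pem
readonly PRIVATE_KEY_PATH=df-key.pem
readonly CERTIFICATE_PATH=df-cert.pem

echo "Generating files in local directory (rm *.pem to cleanup)"

# Step 1: throwaway self-signed CA (RSA 4096, valid for one day).
# Development use only: the CA key has no passphrase, so anyone who can read
# it can mint certificates that clients trusting ca-cert.pem will accept.
openssl req -x509 -newkey rsa:4096 -days 1 -nodes \
  -keyout "${CA_KEY_PATH}" \
  -out "${CA_CERTIFICATE_PATH}" \
  -subj "/C=GR/ST=SKG/L=Thessaloniki/O=KK/OU=AcmeStudios/CN=Gr/emailAddress=acme@gmail.com"

# Step 2: server private key plus a certificate signing request for it.
openssl req -newkey rsa:4096 -nodes \
  -keyout "${PRIVATE_KEY_PATH}" \
  -out "${CERTIFICATE_REQUEST_PATH}" \
  -subj "/C=GR/ST=SKG/L=Thessaloniki/O=KK/OU=Comp/CN=Gr/emailAddress=does_not_exist@gmail.com"

# Step 3: sign the request with the CA from step 1 (valid for one day).
# -CAcreateserial makes openssl write a serial-number file as well (typically
# next to the CA certificate with a .srl suffix); the "rm *.pem" cleanup hint
# printed above does not cover that file.
openssl x509 -req \
  -in "${CERTIFICATE_REQUEST_PATH}" \
  -days 1 \
  -CA "${CA_CERTIFICATE_PATH}" \
  -CAkey "${CA_KEY_PATH}" \
  -CAcreateserial -out "${CERTIFICATE_PATH}"

# XXX is a placeholder password; the same value goes to --requirepass and -a.
echo "You can now run:"
echo "dragonfly --tls=true --tls_key_file=${PRIVATE_KEY_PATH} --tls_cert_file=${CERTIFICATE_PATH} --requirepass=XXX"
echo "redis-cli --tls --cacert ${CA_CERTIFICATE_PATH} -a XXX"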