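#!/usr/bin/env bash
#
# Generates a throwaway CA and a server certificate for Harbor testing.
# These cert files are only for Harbor testing: the private keys are written
# unencrypted, so never trust this CA or reuse these keys outside a test setup.
#
# Arguments: $1 - optional host name or IPv4 address of the registry
#                 (defaults to 127.0.0.1)

# Abort on the first failing step so a failed openssl call can never be
# followed by copying a stale or partial certificate into place.
set -euo pipefail

IP='127.0.0.1'
# "${1:-}" keeps the no-argument case working under `set -u`.
if [[ -n "${1:-}" ]]; then
  IP=$1
fi
OPENSSLCNF=
DATA_VOL='/data'
# Directory holding this script; the CA key and certificate are written here.
CUR_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

# Probe the usual openssl.cnf locations. There is no `break`, so the last
# existing candidate wins. OPENSSLCNF is not referenced again in the lines
# shown; the probe acts as a sanity check that OpenSSL is configured.
for path in /etc/openssl/openssl.cnf /etc/ssl/openssl.cnf /usr/local/etc/openssl/openssl.cnf; do
  if [[ -e "${path}" ]]; then
    OPENSSLCNF=${path}
  fi
done
if [[ -z "${OPENSSLCNF}" ]]; then
  # Diagnostics belong on stderr and need a trailing newline.
  printf 'Could not find openssl.cnf\n' >&2
  exit 1
fi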
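# Create CA certificate
# Self-signed test CA, valid for 365 days. `-nodes` leaves harbor_ca.key
# unencrypted on disk next to this script: acceptable for a test fixture,
# but anyone who can read that file can mint certificates this CA vouches for.
# Paths are quoted so a script directory containing spaces still works, and
# the script stops here if openssl fails instead of signing with a stale CA.
openssl req \
  -newkey rsa:4096 -nodes -sha256 -keyout "$CUR_DIR/harbor_ca.key" \
  -x509 -days 365 -out "$CUR_DIR/harbor_ca.crt" \
  -subj '/C=CN/ST=PEK/L=Bei Jing/O=VMware/CN=HarborCA' || exit 1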
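# Generate a Certificate Signing Request
# $IP comes from the command line and ends up in file names, in the -subj
# string and in the OpenSSL extension file. Allow only characters that can
# appear in a host name or address, so that a stray '/', ',', '=', space or
# newline cannot redirect the output files, add subject fields or add extra
# extension lines. A leading '-' is rejected so the value is never parsed as
# an option.
case "$IP" in
  '' | -* | *[!A-Za-z0-9.:*_-]*)
    printf 'Invalid host name or IP address: %s\n' "$IP" >&2
    exit 1
    ;;
esac

# Dotted-quad check only; octet ranges are not validated here.
ipv4_re='^([0-9]+\.){3}[0-9]+$'
if [[ "$IP" =~ $ipv4_re ]]; then
  # IPv4 address: fixed CN, the address itself goes into an IP SAN entry.
  openssl req \
    -newkey rsa:4096 -nodes -sha256 -keyout "$IP.key" \
    -out "$IP.csr" -subj "/C=CN/ST=PEK/L=Bei Jing/O=VMware/CN=HarborManager" || exit 1
  printf 'subjectAltName = IP:%s\n' "$IP" > extfile.cnf
else
  # Anything else is treated as a DNS name, used as both CN and SAN.
  openssl req \
    -newkey rsa:4096 -nodes -sha256 -keyout "$IP.key" \
    -out "$IP.csr" -subj "/C=CN/ST=PEK/L=Bei Jing/O=VMware/CN=$IP" || exit 1
  printf 'subjectAltName = DNS.1:%s\n' "$IP" > extfile.cnf
fi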
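# Generate the certificate of local registry host
# Signs the CSR with the test CA for 365 days and applies the subjectAltName
# from extfile.cnf. -CAcreateserial lets openssl create the CA serial-number
# file if it does not exist yet.
# Stop on failure so the copy step never installs an old or missing
# certificate.
openssl x509 -req -days 365 -sha256 -in "$IP.csr" -CA "$CUR_DIR/harbor_ca.crt" \
  -CAkey "$CUR_DIR/harbor_ca.key" -CAcreateserial -extfile extfile.cnf \
  -out "$IP.crt" || exit 1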
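# Copy to harbor default location
# NOTE(review): server.key is the unencrypted private key and is copied with
# the default umask. That is acceptable for a test fixture; confirm who needs
# read access before tightening its mode.
# Each step is checked so a failed mkdir or cp is reported through the exit
# status rather than leaving a half-installed certificate/key pair. `--`
# stops a file name from ever being parsed as an option.
mkdir -p -- "$DATA_VOL/cert" || exit 1
cp -- "$IP.crt" "$DATA_VOL/cert/server.crt" || exit 1
cp -- "$IP.key" "$DATA_VOL/cert/server.key" || exit 1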