Upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor.git synced 2025-02-03 21:41:23 +01:00
Code Issues Projects Releases Wiki Activity

Add Scan for internal tls (#13810)

Browse Source 
Signed-off-by: DQ <dengq@vmware.com>
This commit is contained in:
Qian Deng 2020-12-21 15:23:11 +08:00 committed by GitHub
parent 9bc6f3cee4
commit 9197471e70
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 22 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
make/photon/prepare/scripts/gencert.sh
View File

@ -28,7 +28,8 @@ openssl req -new -newkey rsa:4096 -nodes -sha256 \
-subj "/C=CN/ST=Beijing/L=Beijing/O=VMware/CN=proxy" -subj "/C=CN/ST=Beijing/L=Beijing/O=VMware/CN=proxy"
# Sign proxy # Sign proxy
openssl x509 -req -days $DAYS -sha256 -in proxy.csr -CA harbor_internal_ca.crt -CAkey harbor_internal_ca.key -CAcreateserial -out proxy.crt echo subjectAltName = DNS.1:proxy > extfile.cnf
openssl x509 -req -days $DAYS -sha256 -in proxy.csr -CA harbor_internal_ca.crt -CAkey harbor_internal_ca.key -CAcreateserial -extfile extfile.cnf -out proxy.crt
# generate portal key and csr # generate portal key and csr
openssl req -new -newkey rsa:4096 -nodes -sha256 \ openssl req -new -newkey rsa:4096 -nodes -sha256 \
@ -37,7 +38,8 @@ openssl req -new -newkey rsa:4096 -nodes -sha256 \
-subj "/C=CN/ST=Beijing/L=Beijing/O=VMware/CN=portal" -subj "/C=CN/ST=Beijing/L=Beijing/O=VMware/CN=portal"
# Sign portal # Sign portal
openssl x509 -req -days $DAYS -sha256 -in portal.csr -CA harbor_internal_ca.crt -CAkey harbor_internal_ca.key -CAcreateserial -out portal.crt echo subjectAltName = DNS.1:portal > extfile.cnf
openssl x509 -req -days $DAYS -sha256 -in portal.csr -CA harbor_internal_ca.crt -CAkey harbor_internal_ca.key -CAcreateserial -extfile extfile.cnf -out portal.crt
# generate core key and csr # generate core key and csr
openssl req -new \ openssl req -new \
@ -46,7 +48,8 @@ openssl req -new \
-subj "/C=CN/ST=Beijing/L=Beijing/O=VMware/CN=core" -subj "/C=CN/ST=Beijing/L=Beijing/O=VMware/CN=core"
# Sign core csr with CA certificate and key # Sign core csr with CA certificate and key
openssl x509 -req -days $DAYS -sha256 -in core.csr -CA harbor_internal_ca.crt -CAkey harbor_internal_ca.key -CAcreateserial -out core.crt echo subjectAltName = DNS.1:core > extfile.cnf
openssl x509 -req -days $DAYS -sha256 -in core.csr -CA harbor_internal_ca.crt -CAkey harbor_internal_ca.key -CAcreateserial -extfile extfile.cnf -out core.crt
# job_service key # job_service key
@ -56,7 +59,8 @@ openssl req -new \
-subj "/C=CN/ST=Beijing/L=Beijing/O=VMware/CN=jobservice" -subj "/C=CN/ST=Beijing/L=Beijing/O=VMware/CN=jobservice"
# sign job_service csr with CA certificate and key # sign job_service csr with CA certificate and key
openssl x509 -req -days $DAYS -sha256 -in job_service.csr -CA harbor_internal_ca.crt -CAkey harbor_internal_ca.key -CAcreateserial -out job_service.crt echo subjectAltName = DNS.1:jobservice > extfile.cnf
openssl x509 -req -days $DAYS -sha256 -in job_service.csr -CA harbor_internal_ca.crt -CAkey harbor_internal_ca.key -CAcreateserial -extfile extfile.cnf -out job_service.crt
# generate registry key # generate registry key
openssl req -new \ openssl req -new \
@ -65,7 +69,8 @@ openssl req -new \
-subj "/C=CN/ST=Beijing/L=Beijing/O=VMware/CN=registry" -subj "/C=CN/ST=Beijing/L=Beijing/O=VMware/CN=registry"
# sign registry csr with CA certificate and key # sign registry csr with CA certificate and key
openssl x509 -req -days $DAYS -sha256 -in registry.csr -CA harbor_internal_ca.crt -CAkey harbor_internal_ca.key -CAcreateserial -out registry.crt echo subjectAltName = DNS.1:registry > extfile.cnf
openssl x509 -req -days $DAYS -sha256 -in registry.csr -CA harbor_internal_ca.crt -CAkey harbor_internal_ca.key -CAcreateserial -extfile extfile.cnf -out registry.crt
# generate registryctl key # generate registryctl key
openssl req -new \ openssl req -new \
@ -74,7 +79,8 @@ openssl req -new \
-subj "/C=CN/ST=Beijing/L=Beijing/O=VMware/CN=registryctl" -subj "/C=CN/ST=Beijing/L=Beijing/O=VMware/CN=registryctl"
# sign registryctl csr with CA certificate and key # sign registryctl csr with CA certificate and key
openssl x509 -req -days $DAYS -sha256 -in registryctl.csr -CA harbor_internal_ca.crt -CAkey harbor_internal_ca.key -CAcreateserial -out registryctl.crt echo subjectAltName = DNS.1:registryctl > extfile.cnf
openssl x509 -req -days $DAYS -sha256 -in registryctl.csr -CA harbor_internal_ca.crt -CAkey harbor_internal_ca.key -CAcreateserial -extfile extfile.cnf -out registryctl.crt
# generate trivy_adapter key # generate trivy_adapter key
@ -84,7 +90,8 @@ openssl req -new \
-subj "/C=CN/ST=Beijing/L=Beijing/O=VMware/CN=trivy-adapter" -subj "/C=CN/ST=Beijing/L=Beijing/O=VMware/CN=trivy-adapter"
# sign trivy_adapter csr with CA certificate and key # sign trivy_adapter csr with CA certificate and key
openssl x509 -req -days $DAYS -sha256 -in trivy_adapter.csr -CA harbor_internal_ca.crt -CAkey harbor_internal_ca.key -CAcreateserial -out trivy_adapter.crt echo subjectAltName = DNS.1:trivy-adapter > extfile.cnf
openssl x509 -req -days $DAYS -sha256 -in trivy_adapter.csr -CA harbor_internal_ca.crt -CAkey harbor_internal_ca.key -CAcreateserial -extfile extfile.cnf -out trivy_adapter.crt
# generate notary_signer key # generate notary_signer key
@ -94,7 +101,8 @@ openssl req -new \
-subj "/C=CN/ST=Beijing/L=Beijing/O=VMware/CN=notary-signer" -subj "/C=CN/ST=Beijing/L=Beijing/O=VMware/CN=notary-signer"
# sign notary_signer csr with CA certificate and key # sign notary_signer csr with CA certificate and key
openssl x509 -req -days $DAYS -sha256 -in notary_signer.csr -CA harbor_internal_ca.crt -CAkey harbor_internal_ca.key -CAcreateserial -out notary_signer.crt echo subjectAltName = DNS.1:notary-signer > extfile.cnf
openssl x509 -req -days $DAYS -sha256 -in notary_signer.csr -CA harbor_internal_ca.crt -CAkey harbor_internal_ca.key -CAcreateserial -extfile extfile.cnf -out notary_signer.crt
# generate notary_server key # generate notary_server key
openssl req -new \ openssl req -new \
@ -103,7 +111,8 @@ openssl req -new \
-subj "/C=CN/ST=Beijing/L=Beijing/O=VMware/CN=notary-server" -subj "/C=CN/ST=Beijing/L=Beijing/O=VMware/CN=notary-server"
# sign notary_server csr with CA certificate and key # sign notary_server csr with CA certificate and key
openssl x509 -req -days $DAYS -sha256 -in notary_server.csr -CA harbor_internal_ca.crt -CAkey harbor_internal_ca.key -CAcreateserial -out notary_server.crt echo subjectAltName = DNS.1:notary-server > extfile.cnf
openssl x509 -req -days $DAYS -sha256 -in notary_server.csr -CA harbor_internal_ca.crt -CAkey harbor_internal_ca.key -CAcreateserial -extfile extfile.cnf -out notary_server.crt
# generate chartmuseum key # generate chartmuseum key
@ -113,7 +122,8 @@ openssl req -new \
-subj "/C=CN/ST=Beijing/L=Beijing/O=VMware/CN=chartmuseum" -subj "/C=CN/ST=Beijing/L=Beijing/O=VMware/CN=chartmuseum"
# sign chartmuseum csr with CA certificate and key # sign chartmuseum csr with CA certificate and key
openssl x509 -req -days $DAYS -sha256 -in chartmuseum.csr -CA harbor_internal_ca.crt -CAkey harbor_internal_ca.key -CAcreateserial -out chartmuseum.crt echo subjectAltName = DNS.1:chartmuseum > extfile.cnf
openssl x509 -req -days $DAYS -sha256 -in chartmuseum.csr -CA harbor_internal_ca.crt -CAkey harbor_internal_ca.key -CAcreateserial -extfile extfile.cnf -out chartmuseum.crt
# generate harbor_db key # generate harbor_db key
@ -123,4 +133,5 @@ openssl req -new \
-subj "/C=CN/ST=Beijing/L=Beijing/O=VMware/CN=harbor_db" -subj "/C=CN/ST=Beijing/L=Beijing/O=VMware/CN=harbor_db"
# sign harbor_db csr with CA certificate and key # sign harbor_db csr with CA certificate and key
openssl x509 -req -days $DAYS -sha256 -in harbor_db.csr -CA harbor_internal_ca.crt -CAkey harbor_internal_ca.key -CAcreateserial -out harbor_db.crt echo subjectAltName = DNS.1:harbor_db > extfile.cnf
openssl x509 -req -days $DAYS -sha256 -in harbor_db.csr -CA harbor_internal_ca.crt -CAkey harbor_internal_ca.key -CAcreateserial -extfile extfile.cnf -out harbor_db.crt