From e3dae8bb1358786617b9b552995c990bfced3920 Mon Sep 17 00:00:00 2001 From: Hitesh Nayak Date: Sun, 24 Sep 2023 20:58:50 +0530 Subject: [PATCH] Fix: no password for domain keys --- generateDomainCert.sh | 4 ++-- generateDomainKey.sh | 6 +++--- generateRootCACert.sh | 2 +- generateRootKey.sh | 2 +- getbase64.sh | 2 +- renewDomainCert.sh | 2 +- renewRootCACert.sh | 2 +- req.conf | 7 ++++++- setenv.sh | 2 +- 9 files changed, 17 insertions(+), 12 deletions(-) diff --git a/generateDomainCert.sh b/generateDomainCert.sh index bac84fc..6b28b26 100755 --- a/generateDomainCert.sh +++ b/generateDomainCert.sh @@ -1,11 +1,11 @@ -. setenv.sh +. ./setenv.sh # do nothing if already exists if [[ -f ${DOMAIN_CRT_PATH} ]] then echo "Domain crt is already generated." else - openssl req -new -key ${DOMAIN_KEY_PATH} -out ${DOMAIN_CSR_PATH} -passin env:DOMAIN_PASSWORD -config ${DOMAIN_OPENSSL_CONF_PATH} + openssl req -new -key ${DOMAIN_KEY_PATH} -out ${DOMAIN_CSR_PATH} -config ${DOMAIN_OPENSSL_CONF_PATH} #-passin env:DOMAIN_PASSWORD openssl x509 -req -in ${DOMAIN_CSR_PATH} -CA ${ROOT_CA_CRT_PATH} -CAkey ${ROOT_CA_KEY_PATH} -passin env:ROOT_CA_PASSWORD -out ${DOMAIN_CRT_PATH} -days ${DOMAIN_EXPIRY_DAYS} -extfile ${DOMAIN_OPENSSL_CONF_PATH} -extensions v3_req echo "Domain crt generated successfully at ${DOMAIN_CRT_PATH}" rm ${DOMAIN_CSR_PATH} diff --git a/generateDomainKey.sh b/generateDomainKey.sh index 913767e..fdf66f8 100755 --- a/generateDomainKey.sh +++ b/generateDomainKey.sh 
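Review bot: In generateDomainCert.sh, `. ./setenv.sh` is still resolved against the caller's working directory, not the script's own location, so running the script from elsewhere either fails or sources whatever `setenv.sh` is in that directory, which in turn sources `secret.sh`; the same line in the six other scripts and `. ./secret.sh` in setenv.sh behave the same way. Assuming these run under bash (they use `[[`), a `cd -- "$(dirname -- "${BASH_SOURCE[0]}")" || exit 1` ahead of the source line would pin both the sourced files and the relative `BUILD_PATH`. On the `openssl req` line the trailing `#-passin env:DOMAIN_PASSWORD` leaves dead option text in the command; I would drop it and say why instead, e.g. `# domain key is stored without a passphrase, so no -passin here`. A key created before this commit is still encrypted and generateDomainKey.sh skips generation when the file exists, so on an existing checkout this call will presumably prompt for the passphrase. The `if` block's closing `fi` lies outside the hunk.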
@@ -1,12 +1,12 @@ -. setenv.sh +. ./setenv.sh # do nothing if already exists if [[ -f ${DOMAIN_KEY_PATH} ]] then echo "Domain key is already generated." else - openssl genrsa -des3 -passout env:ROOT_CA_PASSWORD -out ${DOMAIN_KEY_PATH} 4096 + openssl genrsa -out ${DOMAIN_KEY_PATH} 4096 #-des3 -passout env:ROOT_CA_PASSWORD echo "Domain key generated successfully at ${DOMAIN_KEY_PATH}" fi -openssl rsa -noout -text -in ${DOMAIN_KEY_PATH} -passin env:DOMAIN_PASSWORD +openssl rsa -noout -text -in ${DOMAIN_KEY_PATH} #-passin env:DOMAIN_PASSWORD echo "Domain key verified successfully." \ No newline at end of file diff --git a/generateRootCACert.sh b/generateRootCACert.sh index 2507ff3..391d366 100755 --- a/generateRootCACert.sh +++ b/generateRootCACert.sh @@ -1,4 +1,4 @@ -. setenv.sh +. ./setenv.sh # do nothing if already exists if [[ -f ${ROOT_CA_CRT_PATH} ]] diff --git a/generateRootKey.sh b/generateRootKey.sh index 666b805..34b2c95 100755 --- a/generateRootKey.sh +++ b/generateRootKey.sh @@ -1,4 +1,4 @@ -. setenv.sh +. ./setenv.sh # do nothing if already exists if [[ -f ${ROOT_CA_KEY_PATH} ]] diff --git a/getbase64.sh b/getbase64.sh index f7855d8..a46f5e1 100755 --- a/getbase64.sh +++ b/getbase64.sh @@ -1,4 +1,4 @@ -. setenv.sh +. ./setenv.sh echo "Root CA certificate :" cat ${ROOT_CA_CRT_PATH} | base64 -w 0 diff --git a/renewDomainCert.sh b/renewDomainCert.sh index 50b7aac..c6b7515 100755 --- a/renewDomainCert.sh +++ b/renewDomainCert.sh @@ -1,4 +1,4 @@ -. setenv.sh +. ./setenv.sh # Ask confirmation echo "Domain is valid till : " diff --git a/renewRootCACert.sh b/renewRootCACert.sh index df9b9b2..24685e6 100755 --- a/renewRootCACert.sh +++ b/renewRootCACert.sh @@ -1,4 +1,4 @@ -. setenv.sh +. ./setenv.sh # Ask confirmation echo "Root CA is valid till : " diff --git a/req.conf b/req.conf index 8c2aa0d..ee8ed72 100644 --- a/req.conf +++ b/req.conf 
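Review bot: In generateDomainKey.sh, the closing `openssl rsa -noout -text` prints the private exponent and primes to stdout, and with the passphrase removed that output is the whole usable key, so it can end up in terminal scrollback or CI logs. A consistency check verifies the key without printing it: `openssl rsa -noout -check -in "${DOMAIN_KEY_PATH}"`. The echo after it reports success whatever the exit status, so joining the two with `&&` would keep the message truthful. Because `openssl genrsa -out` now writes the key unencrypted, file permissions are its only protection at rest; depending on the OpenSSL version and the umask in effect the file may be group- or world-readable, so a `umask 077` before generation or `chmod 600 "${DOMAIN_KEY_PATH}"` after it is worth adding. The `#-des3 -passout env:ROOT_CA_PASSWORD` and `#-passin env:DOMAIN_PASSWORD` leftovers would read better as a single comment explaining why the key has no passphrase.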
@@ -23,4 +23,9 @@ extendedKeyUsage = serverAuth, clientAuth subjectAltName = @alt_names [alt_names] -DNS.1 = *.hitesh.com +DNS.1 = *.kube.hitesh.com +DNS.2 = *.weave.hitesh.com +DNS.3 = *.skooner.hitesh.com +DNS.4 = *.gitea.hitesh.com +DNS.5 = *.jenkins.hitesh.com +DNS.6 = *.hitesh.com diff --git a/setenv.sh b/setenv.sh index b95ecaa..f43fb52 100644 --- a/setenv.sh +++ b/setenv.sh @@ -1,4 +1,4 @@ -. secret.sh +. ./secret.sh export BUILD_PATH=build # root
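Review bot: In req.conf, the new `[alt_names]` list puts five service wildcards plus `*.hitesh.com` on a single certificate, and the same patch makes that certificate's key passphrase-less, so any host that holds the key file can present as every one of these services. If the services run on separate hosts, a conf and key per service would limit what one leaked key exposes; if they deliberately share one ingress, a comment above the list saying so would help, e.g. `# single cert for all ingress hosts; key is unencrypted, keep build/ private`. The context line also shows `extendedKeyUsage = serverAuth, clientAuth`; it is not visible here whether client authentication is actually needed, and dropping `clientAuth` would narrow the certificate if it is not. The section header that these extension lines belong to is outside the hunk.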