Skip to main content

Sadržaj

#!/bin/sh

Open search cert configuration

cd /etc/opensearch sudo rm -f *pem

Root CA

openssl genrsa -out root-ca-key.pem 2048 openssl req -new -x509 -sha256 -key root-ca-key.pem -subj "/C=HR/ST=Hrvatska/L=Osijek/O=Mellon Development/OU=Web development/CN=root.dns.a-record" -out root-ca.pem -days 730

Admin cert

openssl genrsa -out admin-key-temp.pem 2048 openssl pkcs8 -inform PEM -outform PEM -in admin-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out admin-key.pem openssl req -new -key admin-key.pem -subj "/C=HR/ST=Hrvatska/L=Osijek/O=Mellon Development/OU=Web development/CN=A" -out admin.csr openssl x509 -req -in admin.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out admin.pem -days 730

Node cert 1

openssl genrsa -out node1-key-temp.pem 2048 openssl pkcs8 -inform PEM -outform PEM -in node1-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out node1-key.pem openssl req -new -key node1-key.pem -subj "/C=HR/ST=Hrvatska/L=Osijek/O=Mellon Development/OU=Web development/CN=node1.dns.a-record" -out node1.csr echo 'subjectAltName=DNS:node1.dns.a-record' > node1.ext openssl x509 -req -in node1.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out node1.pem -days 730 -extfile node1.ext

Client cert

openssl genrsa -out client-key-temp.pem 2048 openssl pkcs8 -inform PEM -outform PEM -in client-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out client-key.pem openssl req -new -key client-key.pem -subj "/C=HR/ST=Hrvatska/L=Osijek/O=Mellon Development/OU=Web development/CN=client.dns.a-record" -out client.csr echo 'subjectAltName=DNS:client.dns.a-record' > client.ext openssl x509 -req -in client.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out client.pem -days 730 -extfile client.ext

Cleanup

rm admin-key-temp.pem rm admin.csr rm node1-key-temp.pem rm node1.csr rm node1.ext rm client-key-temp.pem rm client.csr rm client.ext echo $'Certifikati uspješno generirani\nService status\n' sudo systemctl status opensearch echo $'Restartan opensearch servis\n' sudo systemctl restart opensearch

Back to top