
Commit 21c8ef2

authored
Added adminusername certificate
1 parent 6aef33f commit 21c8ef2


2 files changed

+50
-4
lines changed

2 files changed

+50
-4
lines changed

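--- a/certificates-generation/entrypoint.sh
+++ b/certificates-generation/entrypoint.sh
@@ -29,10 +29,10 @@ if ! openssl ca -config /ca/openssl_config_ca.cnf \
 exit 1
 fi
 
-### User (for DIRAC client)
+### DIRAC User ciuser
 
 if ! openssl genrsa -out /ca/certs/client.key 2048; then
-echo "Failed to generate user private key"
+echo "Failed to generate ciuser private key"
 exit 1
 fi
 chmod 400 client.key
@@ -41,7 +41,7 @@ if ! openssl req -config /ca/openssl_config_user.cnf \
 -key /ca/certs/client.key \
 -new \
 -out /ca/requests/client.req; then
-echo "Failed to generate user certificate signing request"
+echo "Failed to generate ciuser certificate signing request"
 exit 1
 fi
 
@@ -51,7 +51,33 @@ if ! openssl ca -config /ca/openssl_config_ca.cnf \
 -days 15 \
 -in /ca/requests/client.req \
 -out /ca/certs/client.pem; then
-echo "Failed to generate user certificate"
+echo "Failed to generate ciuser certificate"
+exit 1
+fi
+
+### DIRAC User adminusername
+
+if ! openssl genrsa -out /ca/certs/client.key 2048; then
+echo "Failed to generate adminusername private key"
+exit 1
+fi
+chmod 400 client.key
+
+if ! openssl req -config /ca/openssl_config_user.cnf \
+-key /ca/certs/client.key \
+-new \
+-out /ca/requests/client.req; then
+echo "Failed to generate adminusername certificate signing request"
+exit 1
+fi
+
+if ! openssl ca -config /ca/openssl_config_ca.cnf \
+-extensions usr_cert \
+-batch \
+-days 15 \
+-in /ca/requests/client.req \
+-out /ca/certs/client.pem; then
+echo "Failed to generate adminusername certificate"
 exit 1
 fi
 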
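Review bot: The adminusername block (new lines 58-80) writes to the same three paths as the ciuser block, `/ca/certs/client.key`, `/ca/requests/client.req` and `/ca/certs/client.pem`, so the ciuser key and certificate are overwritten and only one credential survives the run. It also builds the request from `/ca/openssl_config_user.cnf`, the same config the ciuser request uses, so the config added in this commit with `CN = adminusername` is not referenced by anything visible here and the second certificate would presumably be requested with the ciuser subject. Each identity should get its own key, request and certificate files, with `openssl req -config` pointing at the new config. `chmod 400 client.key` is relative to the working directory, which the hunk does not show, while the key is written under `/ca/certs/`, so the absolute path is safer. The file names and `ADMIN_CNF` in the sketch below are illustrative placeholders, not paths taken from the repository.

```shell
### DIRAC User adminusername
# ADMIN_CNF: placeholder for the path of the config file this commit adds.
if ! openssl genrsa -out /ca/certs/admin.key 2048; then
  # … unchanged: error message and exit …
fi
chmod 400 /ca/certs/admin.key

if ! openssl req -config "$ADMIN_CNF" \
    -key /ca/certs/admin.key \
    -new \
    -out /ca/requests/admin.req; then
  # … unchanged: error message and exit …
fi

# … unchanged: openssl ca -config, -extensions, -batch, -days …
    -in /ca/requests/admin.req \
    -out /ca/certs/admin.pem; then
```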

Lines changed: 20 additions & 0 deletions
@@ -0,0 +1,20 @@
1+
[ req ]
2+
default_bits = 2048
3+
encrypt_key = yes
4+
distinguished_name = req_dn
5+
prompt = no
6+
req_extensions = v3_req
7+
8+
# Generates the following subject
9+
# Subject: O=DIRAC CI, O=CERN, CN=adminusername
10+
[ req_dn ]
11+
C = ch
12+
O = DIRAC
13+
OU = DIRAC CI
14+
CN = adminusername
15+
16+
[ v3_req ]
17+
# Extensions for client certificates (`man x509v3_config`).
18+
nsComment = "OpenSSL Generated Client Certificate"
19+
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
20+
extendedKeyUsage = clientAuth
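Review bot: The comment on lines 8-9 documents the subject as `O=DIRAC CI, O=CERN, CN=adminusername`, but `[ req_dn ]` sets `C = ch`, `O = DIRAC` and `OU = DIRAC CI`, so anyone who copies the DN from the comment into an authorization mapping will register a subject the certificate does not carry. The comment should read `# Subject: C=ch, O=DIRAC, OU=DIRAC CI, CN=adminusername`, or state explicitly that the CA policy rewrites the subject if that is the case. `encrypt_key = yes` has no effect when the key is supplied with `-key`, as the entrypoint.sh hunks on this page do, so the private key stays unencrypted on disk; either drop the setting or add a comment saying so. The `[ v3_req ]` extensions are only requested, and the signing step shown uses `-extensions usr_cert`, so they will likely be ignored unless the CA config copies request extensions.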
