openstack
/
octavia
Code Issues Proposed changes

Merge "Use 2048-bits keys for devstack certificates"

This commit is contained in:
Zuul 2019-12-02 23:58:04 +00:00 committed by Gerrit Code Review
parent bc984d90fe 8b6bb936d3
commit f7bc31e128
2 changed files with 8 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
bin/create_dual_intermediate_CA.sh
View File

@ -44,9 +44,7 @@ touch index.txt
echo 1000 > serial
# Create the client CA private key
# Note: This uses short key lengths to save entropy in the test gates.
# This is not recommended for deployment use!
openssl genrsa -aes128 -out private/ca.key.pem -passout pass:not-secure-passphrase 1024
openssl genrsa -aes128 -out private/ca.key.pem -passout pass:not-secure-passphrase 2048
chmod 400 private/ca.key.pem
# Create the client CA root certificate
@ -60,9 +58,7 @@ touch intermediate_ca/index.txt
echo 1000 > intermediate_ca/serial
# Create the client intermediate CA private key
# Note: This uses short key lengths to save entropy in the test gates.
# This is not recommended for deployment use!
openssl genrsa -aes128 -out intermediate_ca/private/intermediate.ca.key.pem -passout pass:not-secure-passphrase 1024
openssl genrsa -aes128 -out intermediate_ca/private/intermediate.ca.key.pem -passout pass:not-secure-passphrase 2048
chmod 400 intermediate_ca/private/intermediate.ca.key.pem
# Create the client intermediate CA certificate signing request
@ -75,9 +71,7 @@ openssl ca -config ../../openssl.cnf -name CA_intermediate -extensions v3_interm
cat intermediate_ca/certs/intermediate.cert.pem certs/ca.cert.pem > intermediate_ca/ca-chain.cert.pem
###### Create the client key and certificate
# Note: This uses short key lengths to save entropy in the test gates.
# This is not recommended for deployment use!
openssl genrsa -aes128 -out intermediate_ca/private/controller.key.pem -passout pass:not-secure-passphrase 1024
openssl genrsa -aes128 -out intermediate_ca/private/controller.key.pem -passout pass:not-secure-passphrase 2048
chmod 400 intermediate_ca/private/controller.key.pem
# Create the client controller certificate signing request
@ -109,9 +103,7 @@ touch index.txt
echo 1000 > serial
# Create the server CA private key
# Note: This uses short key lengths to save entropy in the test gates.
# This is not recommended for deployment use!
openssl genrsa -aes128 -out private/ca.key.pem -passout pass:not-secure-passphrase 1024
openssl genrsa -aes128 -out private/ca.key.pem -passout pass:not-secure-passphrase 2048
chmod 400 private/ca.key.pem
# Create the server CA root certificate
@ -125,9 +117,7 @@ touch intermediate_ca/index.txt
echo 1000 > intermediate_ca/serial
# Create the server intermediate CA private key
# Note: This uses short key lengths to save entropy in the test gates.
# This is not recommended for deployment use!
openssl genrsa -aes128 -out intermediate_ca/private/intermediate.ca.key.pem -passout pass:not-secure-passphrase 1024
openssl genrsa -aes128 -out intermediate_ca/private/intermediate.ca.key.pem -passout pass:not-secure-passphrase 2048
chmod 400 intermediate_ca/private/intermediate.ca.key.pem
# Create the server intermediate CA certificate signing request

12
bin/create_single_CA_intermediate_CA.sh
View File

@ -44,9 +44,7 @@ touch index.txt
echo 1000 > serial
# Create the client CA private key
# Note: This uses short key lengths to save entropy in the test gates.
# This is not recommended for deployment use!
openssl genrsa -aes128 -out private/ca.key.pem -passout pass:not-secure-passphrase 1024
openssl genrsa -aes128 -out private/ca.key.pem -passout pass:not-secure-passphrase 2048
chmod 400 private/ca.key.pem
# Create the client CA root certificate
@ -60,9 +58,7 @@ touch intermediate_ca/index.txt
echo 1000 > intermediate_ca/serial
# Create the client intermediate CA private key
# Note: This uses short key lengths to save entropy in the test gates.
# This is not recommended for deployment use!
openssl genrsa -aes128 -out intermediate_ca/private/intermediate.ca.key.pem -passout pass:not-secure-passphrase 1024
openssl genrsa -aes128 -out intermediate_ca/private/intermediate.ca.key.pem -passout pass:not-secure-passphrase 2048
chmod 400 intermediate_ca/private/intermediate.ca.key.pem
# Create the client intermediate CA certificate signing request
@ -75,9 +71,7 @@ openssl ca -config ../../openssl.cnf -name CA_intermediate -extensions v3_interm
cat intermediate_ca/certs/intermediate.cert.pem certs/ca.cert.pem > intermediate_ca/ca-chain.cert.pem
###### Create the client key and certificate
# Note: This uses short key lengths to save entropy in the test gates.
# This is not recommended for deployment use!
openssl genrsa -aes128 -out intermediate_ca/private/controller.key.pem -passout pass:not-secure-passphrase 1024
openssl genrsa -aes128 -out intermediate_ca/private/controller.key.pem -passout pass:not-secure-passphrase 2048
chmod 400 intermediate_ca/private/controller.key.pem
# Create the client controller certificate signing request