This directory is only used to generate an internal Certificate Authority (CA) and a signed certificate for the HashiCorp Vault instance. All other application certificates are generated via cert-manager and Vault.
CFSSL is Cloudflare's PKI/TLS tool for signing, verifying, and bundling TLS certificates. It can be installed on macOS with Homebrew:
brew install cfssl
Generate a CA and private key:
cfssl gencert -initca ca.json | cfssljson -bare ca
Read the CA certificate to ensure correct attributes:
openssl x509 -in ca.pem -text -noout
Generate the Vault server certificate and private key, signed by the CA:
cfssl gencert -ca ../root/ca.pem -ca-key ../root/ca-key.pem client.json | cfssljson -bare server
Read the server certificate to ensure correct attributes:
openssl x509 -in server.pem -text -noout
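The two "read the certificate" steps above can also be checked mechanically instead of by eye. The script below is an added example, not part of the original README; the script name and the hostname argument (the DNS name Vault is reached on) are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original README.
# Usage: sh check-vault-tls.sh <ca.pem> <server.pem> <server-key.pem> <hostname>
# The script name and the hostname argument are assumptions.

check_vault_tls() {
  local ca="$1" cert="$2" key="$3" host="$4" ca_text cert_text
  ca_text=$(openssl x509 -in "$ca" -noout -text) || return 1
  cert_text=$(openssl x509 -in "$cert" -noout -text) || return 1

  # The issuer must be a CA; the server certificate must not be able to sign.
  printf '%s\n' "$ca_text" | grep -q 'CA:TRUE' ||
    { echo "FAIL: $ca is not a CA certificate" >&2; return 1; }
  if printf '%s\n' "$cert_text" | grep -q 'CA:TRUE'; then
    echo "FAIL: $cert is itself a CA certificate" >&2; return 1
  fi

  # The server certificate must chain to this CA
  # (verify also rejects an expired or not-yet-valid certificate).
  openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
    { echo "FAIL: $cert does not verify against $ca" >&2; return 1; }

  # Exact match on a DNS SAN entry (no wildcard handling).
  printf '%s\n' "$cert_text" | grep -A1 'Subject Alternative Name' |
    tr ',' '\n' | sed 's/^ *//' | grep -Fxq "DNS:$host" ||
    { echo "FAIL: no DNS SAN for $host in $cert" >&2; return 1; }

  # The private key on disk must be the one the certificate was issued for.
  [ "$(openssl x509 -in "$cert" -noout -pubkey)" = \
    "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] ||
    { echo "FAIL: $key does not match $cert" >&2; return 1; }

  echo "OK: $cert is valid for $host and signed by $ca"
}

if [ "$#" -eq 4 ]; then
  check_vault_tls "$@"
fi
```

With the file names used above, the arguments would be `../root/ca.pem server.pem server-key.pem` followed by the Vault hostname.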