On the road again

Generating self-signed certificates using CFSSL with existing CA cert and key.

Download cfssl tools:

$ curl -L https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -o cfssl
$ chmod +x cfssl
$ curl -L https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -o cfssljson
$ chmod +x cfssljson

Create a JSON file with the parameters for the CSR. Pay attention to the "CN" and "hosts" entries. Example "server.json" file:

{
    "CN": "*.openstack.svc.kaas-kubernetes-3a42c112a6f911e98fc4fa163e5a4837",
    "hosts": [
        "keystone",
        "keystone.openstack",
        "*.openstack.svc.kaas-kubernetes-3a42c112a6f911e98fc4fa163e5a4837"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "US",
            "L": "San Francisco",
            "ST": "CA"
        }
    ]
}

Generate the cert from the CSR above, signed with the existing CA cert and key:

$ ./cfssl gencert -ca=ca.crt -ca-key=ca.key server.json | ./cfssljson -bare api
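
The "hosts" list in server.json becomes the certificate's SAN list, which is what TLS clients match hostnames against, so it is worth checking before running gencert. The following is an added example, not part of the original post: the function names are hypothetical, and it assumes the usual matching rule where "*" stands for exactly one left-most label.

```python
import json

# server.json from the page (without "names"), embedded so this runs offline.
SERVER_JSON = """
{
    "CN": "*.openstack.svc.kaas-kubernetes-3a42c112a6f911e98fc4fa163e5a4837",
    "hosts": [
        "keystone",
        "keystone.openstack",
        "*.openstack.svc.kaas-kubernetes-3a42c112a6f911e98fc4fa163e5a4837"
    ],
    "key": {"algo": "rsa", "size": 2048}
}
"""

def san_matches(san, name):
    """A "*." entry covers exactly one left-most label; anything else must match exactly."""
    san, name = san.lower().rstrip("."), name.lower().rstrip(".")
    if not san.startswith("*."):
        return san == name
    first, _, rest = name.partition(".")
    return bool(first) and rest == san[2:]

def covers(csr, name):
    """True if any "hosts" entry (the certificate's future SAN list) matches name."""
    return any(san_matches(h, name) for h in csr.get("hosts", []))

def lint_csr(csr):
    """Return a list of findings for a CSR definition before it is signed."""
    findings = []
    hosts = [h.lower() for h in csr.get("hosts", [])]
    if not hosts:
        findings.append("hosts is empty: no SAN entries")
    cn = csr.get("CN", "").lower()
    if cn and cn not in hosts:
        findings.append("CN is not repeated in hosts")
    for h in hosts:
        if "*" in h and (not h.startswith("*.") or "*" in h[1:]):
            findings.append("wildcard not a whole left-most label: " + h)
    key = csr.get("key", {})
    if key.get("algo") == "rsa" and key.get("size", 0) < 2048:
        findings.append("RSA key shorter than 2048 bits")
    return findings

if __name__ == "__main__":
    csr = json.loads(SERVER_JSON)
    print(lint_csr(csr))
    print(covers(csr, "keystone.openstack.svc"))
```

With the page's file, the short names "keystone" and "keystone.openstack" and any single label under the wildcard domain are covered, while an intermediate name such as "keystone.openstack.svc" is not.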