From 0c1e2ea96377cfed9b6f27bd3a33e3d3936f74dc Mon Sep 17 00:00:00 2001
From: pricelees
Date: Fri, 27 Jun 2025 13:26:35 +0900
Subject: [PATCH] =?UTF-8?q?feat:=20ssl=20=EC=A0=84=EC=86=A1=EC=9D=84=20?= =?UTF-8?q?=EC=9C=84=ED=95=9C=20=EC=9D=B8=EC=A6=9D=EC=84=9C=20=EB=B0=9C?= =?UTF-8?q?=EA=B8=89=20=EC=8A=A4=ED=81=AC=EB=A6=BD=ED=8A=B8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
keygen.sh | 46 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 46 insertions(+)
create mode 100755 keygen.sh
diff --git a/keygen.sh b/keygen.sh
new file mode 100755
index 0000000..ad1f6fe
--- /dev/null
+++ b/keygen.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+PASSWORD="abcd1234"
+VALIDITY_DAYS=365
+KEYS_DIR="ssl"
+DNAME="CN=localhost, OU=Dev, O=MyCompany, L=Seoul, C=KR"
+CA_DNAME="CN=My Kafka CA, OU=Dev, O=MyCompany, L=Seoul, C=KR"
+
+rm -rf ./${KEYS_DIR}
+mkdir ${KEYS_DIR}
+cd ${KEYS_DIR}
+
+keytool -genkeypair -alias ca -keyalg RSA -keysize 2048 -validity ${VALIDITY_DAYS} \
+ -keystore kafka.ca.keystore.jks \
+ -storepass ${PASSWORD} -keypass ${PASSWORD} -dname "${CA_DNAME}" \
+ -ext "BasicConstraints:critical=ca:true"
+
+keytool -exportcert -alias ca -file ca.crt \
+ -keystore kafka.ca.keystore.jks -storepass ${PASSWORD}
+
+keytool -genkeypair -alias broker -keyalg RSA -keysize 2048 -validity ${VALIDITY_DAYS} \
+ -keystore kafka.broker.keystore.jks \
+ -storepass ${PASSWORD} -keypass ${PASSWORD} -dname "${DNAME}"
+
+keytool -certreq -alias broker -file broker.csr \
+ -keystore kafka.broker.keystore.jks -storepass ${PASSWORD}
+
+keytool -gencert -alias ca -infile broker.csr -outfile broker.crt \
+ -keystore kafka.ca.keystore.jks -storepass ${PASSWORD} -validity ${VALIDITY_DAYS} \
+ -ext "SAN=dns:broker-1,dns:broker-2,dns:broker-3,dns:localhost" \
+ -ext "ExtendedKeyUsage=serverAuth,clientAuth"
+
+keytool -importcert -alias ca -file ca.crt \
+ -keystore kafka.broker.keystore.jks -storepass ${PASSWORD} -noprompt
+
+keytool -importcert -alias broker -file broker.crt \
+ -keystore kafka.broker.keystore.jks -storepass ${PASSWORD} -noprompt
+
+keytool -importcert -alias ca -file ca.crt \
+ -keystore kafka.broker.truststore.jks -storepass ${PASSWORD} -noprompt
+
+echo ${PASSWORD} > password
+
+rm ca.crt broker.csr broker.crt
+
+echo ""
+echo "🎉 SSL/TLS 키 파일 생성 완료"
\ No newline at end of file
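Review bot: The store and key password is a fixed literal (`PASSWORD="abcd1234"`) committed with the script, and it protects the CA private key in `kafka.ca.keystore.jks` as well as the broker keystore; it is also passed in argv to every `keytool` call and written to `password` under the default umask. I would take it from the environment and fail when it is missing, e.g. `: "${KEYSTORE_PASSWORD:?set KEYSTORE_PASSWORD}"` with `umask 077` before `mkdir`, and pass it as `-storepass:env KEYSTORE_PASSWORD` / `-keypass:env KEYSTORE_PASSWORD` so it stays out of the process list. There is also no `set -euo pipefail`, so a failed `keytool` step still reaches the final "완료" message, and the expansions in `rm -rf ./${KEYS_DIR}` and `cd ${KEYS_DIR}` are unquoted. If the `ssl` directory is what gets mounted into the brokers (not visible in this patch), the CA keystore should be kept out of it so the signing key is not distributed with the broker material.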