46 lines
1.6 KiB
Bash
Executable File
46 lines
1.6 KiB
Bash
Executable File
#!/bin/bash
|
|
PASSWORD="abcd1234"
|
|
VALIDITY_DAYS=365
|
|
KEYS_DIR="ssl"
|
|
DNAME="CN=localhost, OU=Dev, O=MyCompany, L=Seoul, C=KR"
|
|
CA_DNAME="CN=My Kafka CA, OU=Dev, O=MyCompany, L=Seoul, C=KR"
|
|
|
|
rm -rf ./${KEYS_DIR}
|
|
mkdir ${KEYS_DIR}
|
|
cd ${KEYS_DIR}
|
|
|
|
keytool -genkeypair -alias ca -keyalg RSA -keysize 2048 -validity ${VALIDITY_DAYS} \
|
|
-keystore kafka.ca.keystore.jks \
|
|
-storepass ${PASSWORD} -keypass ${PASSWORD} -dname "${CA_DNAME}" \
|
|
-ext "BasicConstraints:critical=ca:true"
|
|
|
|
keytool -exportcert -alias ca -file ca.crt \
|
|
-keystore kafka.ca.keystore.jks -storepass ${PASSWORD}
|
|
|
|
keytool -genkeypair -alias broker -keyalg RSA -keysize 2048 -validity ${VALIDITY_DAYS} \
|
|
-keystore kafka.broker.keystore.jks \
|
|
-storepass ${PASSWORD} -keypass ${PASSWORD} -dname "${DNAME}"
|
|
|
|
keytool -certreq -alias broker -file broker.csr \
|
|
-keystore kafka.broker.keystore.jks -storepass ${PASSWORD}
|
|
|
|
keytool -gencert -alias ca -infile broker.csr -outfile broker.crt \
|
|
-keystore kafka.ca.keystore.jks -storepass ${PASSWORD} -validity ${VALIDITY_DAYS} \
|
|
-ext "SAN=dns:broker-1,dns:broker-2,dns:broker-3,dns:localhost" \
|
|
-ext "ExtendedKeyUsage=serverAuth,clientAuth"
|
|
|
|
keytool -importcert -alias ca -file ca.crt \
|
|
-keystore kafka.broker.keystore.jks -storepass ${PASSWORD} -noprompt
|
|
|
|
keytool -importcert -alias broker -file broker.crt \
|
|
-keystore kafka.broker.keystore.jks -storepass ${PASSWORD} -noprompt
|
|
|
|
keytool -importcert -alias ca -file ca.crt \
|
|
-keystore kafka.broker.truststore.jks -storepass ${PASSWORD} -noprompt
|
|
|
|
echo ${PASSWORD} > password
|
|
|
|
rm ca.crt broker.csr broker.crt
|
|
|
|
echo ""
|
|
echo "🎉 SSL/TLS 키 파일 생성 완료" |