1. official sample-apiserver stand-alone
# Debian/Ubuntu: installs expect, needed only when openssl's subject prompts
# are answered through an expect script.
sudo apt-get install expect
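#!/bin/bash
#
# Build a throwaway CA and a client certificate for the stand-alone
# sample-apiserver walkthrough.
#
# Outputs (current directory):
#   ca.key, ca.crt                      self-signed CA
#   client.key, client.csr, client.crt  client identity signed by that CA
#   client.p12                          client cert + key bundled for curl
#
# Environment:
#   P12_PASSWORD  export password for client.p12. Defaults to "password",
#                 the value the walkthrough used; whatever consumes
#                 client.p12 must be given the same value.
#
# Both private keys are written unencrypted (-nodes), so the files
# themselves are the secret: they are created owner-only and their
# contents are never printed.

set -euo pipefail

# Private keys and the PKCS#12 bundle must not be group/world readable.
umask 077

# Resolve the bundle password before tracing is switched on so `set -x`
# never echoes it, and hand it to openssl through the environment rather
# than argv (argv is visible in `ps` and in the trace).
export P12_PASSWORD="${P12_PASSWORD:-password}"

set -x

# NOTE: PHRASEPASS is exported but nothing below reads it; it does not
# protect ca.key or client.key. Kept only so the environment seen by child
# processes is unchanged.
export PHRASEPASS=123456
export COUNTRY=CN
export STATE=BeiJing
export CITY=BeiJing
export COMPANY=OpenSource
export COMPANY_UNIT=k8s
# export COMMON_NAME=$HOSTNAME
export COMMON_NAME=sample
# NOTE: the value below is what the page shows after e-mail obfuscation;
# substitute a real contact address.
export CAEMAIL="[email protected]"

echo "Generate a CA to later sign the client certificate"
echo "Config CA"
# The subject is passed with -subj instead of scripting the interactive
# prompts: values interpolated into an expect/Tcl script are subject to Tcl
# substitution ('[', '$', '\'), and a missed prompt only fails after a
# timeout. In a -subj string, '/', '+' and '\' inside a value need a
# backslash escape.
# -days is explicit because `openssl req -x509` defaults to 30 days, which
# would expire the CA long before the 365-day client certificate.
openssl req -nodes -new -x509 -days 365 \
  -keyout ca.key -out ca.crt \
  -subj "/C=${COUNTRY}/ST=${STATE}/L=${CITY}/O=${COMPANY}/OU=${COMPANY_UNIT}/CN=${COMMON_NAME}/emailAddress=${CAEMAIL}"

echo "********************* read private key ************************"
# -check validates the key without writing the private exponent and primes
# to the terminal, scrollback, or a CI log.
openssl rsa -noout -check -in ca.key

echo "********************* read ca certification ************************"
openssl x509 -noout -text -in ca.crt

echo "Create a client cert signed by this CA for the user development in the superuser group system:masters"
# O=system:masters makes the holder a superuser on any API server that
# trusts ca.crt, and an issued certificate stays valid until it expires.
# Outside a disposable test setup, prefer a narrowly scoped group bound
# through RBAC and a short validity period.
openssl req -out client.csr -new -newkey rsa:4096 -nodes \
  -keyout client.key -subj "/CN=development/O=system:masters"

echo "********************* read client private key ************************"
openssl rsa -noout -check -in client.key

echo "********************* read client request ************************"
openssl req -noout -text -in client.csr

openssl x509 -req -days 365 -in client.csr \
  -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt

# This banner previously repeated "read client request"; what follows is
# the signed certificate.
echo "********************* read client certificate ************************"
openssl x509 -noout -text -in client.crt

# Certificates are public; restore normal read permissions so other
# consumers (for example a container running as another uid) can load them.
chmod 644 ca.crt client.crt

echo "curl requires client certificates in p12 format with password, do the conversion"
openssl pkcs12 -export -in ./client.crt -inkey ./client.key \
  -out client.p12 -passout env:P12_PASSWORD

# To inspect the bundle without dumping the key:
# openssl pkcs12 -info -noout -in client.p12 -passin env:P12_PASSWORD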