make sure that you are in the project's root path
mkdir -p bin/cert
cd bin/cert/
make sure that you are in the directory <project root path>/bin/cert
openssl genrsa -out rootCA.key 2048
openssl req -x509 -new -nodes -key rootCA.key -days 1024 -out rootCA.pem -subj '/CN=em-server/O=PingCAP/C=CN'
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr -subj '/CN=em-server/O=PingCAP/C=CN'
openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 3650
make sure that you are in the directory <project root path>/bin/cert
echo $RANDOM | md5sum | head -c 32 > aes.key
You may need to generate executable
cfssl
andcfssljson
by following cfssl before execute the commands below.
make sure that you are in the directory <project root path>/bin/cert
cfsslBinPath=<please fill it>
${cfsslBinPath}/cfssl gencert -initca ../../build_helper/ca-csr.json | ${cfsslBinPath}/cfssljson -bare etcd-ca -
${cfsslBinPath}/cfssl gencert -ca=etcd-ca.pem -ca-key=etcd-ca-key.pem --config=../../build_helper/ca-config.json -profile=server ../../build_helper/server.json | ${cfsslBinPath}/cfssljson -bare etcd-server