Lechucico

Reputation: 2102

Chef: Generate a self-signed CA

I would like to do the following with chef:

  1. Generate a self-signed root CA (.cer)
  2. Generate a certificate request (.csr)
  3. Sign that certificate request by the root CA and obtain the file (.crt)

How could I do that using Chef? I've seen the cookbook https://supermarket.chef.io/cookbooks/openssl but it doesn't appear to show how to sign a certificate.

Following is the code that I actually use:

    openssl req -newkey rsa:2048 -days 3650 -x509 -nodes -out root.cer
    openssl req -newkey rsa:1024 -nodes -out vault.csr -keyout vault.key
    openssl ca -batch -config root-ca.conf -notext -in vault.csr -out vault.crt

    sudo update-ca-trust enable
    mv root.cer /etc/pki/ca-trust/source/anchors/
    sudo update-ca-trust extract

Upvotes: 0

Views: 1024

Answers (1)

Szymon

Reputation: 1525

If you really want Chef to manage CA/PKI, look at the ssl certificate cookbook; it may be more suitable, although it is more complicated than the openssl cookbook.

Upvotes: 1
