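#!/bin/bash
#
# Builds a throwaway CA plus a server certificate for "localhost", starts a
# daemonized Redis with a TLS listener on port 16379, and pings it over TLS.
#
# Local testing only: the CA key is unencrypted (-nodes), everything lives in
# a fixed directory under /tmp, and the server does not verify client
# certificates (--tls-auth-clients no).
set -euo pipefail

# Key files must never be group/world readable, not even for the short window
# between creation and the chmod further down.
umask 077

readonly TLS_DIR=/tmp/tls_tst
readonly TLS_PORT=16379

# /tmp is world-writable and this path is predictable. mkdir without -p fails
# if the path exists again after the rm (for example as a symlink created by
# another local user), and set -e then stops the script before any key
# material is written there.
rm -rf -- "$TLS_DIR"
mkdir -m 700 -- "$TLS_DIR"
cd -- "$TLS_DIR"

# Generate a private key for the CA
openssl genrsa -out ca.key 2048

# Create a self-signed certificate for the CA
openssl req -x509 -new -nodes -key ca.key -sha256 -days 365 \
  -out ca.crt -subj "/CN=MyCA"

# Generate a private key for the Redis server
openssl genrsa -out redis.key 2048

# Create a certificate signing request (CSR) for the Redis server.
# The original appended a [SAN] section to /etc/ssl/openssl.cnf, but nothing
# referenced that section (no -reqexts), so it never reached the CSR; it only
# made the script depend on that config path existing. The SAN is added at
# signing time below.
openssl req -new -key redis.key -out redis.csr -subj "/CN=localhost"

# Sign the Redis server CSR with the CA to create the certificate. The SAN
# comes from -extfile; clients that check hostnames against subjectAltName
# need it to be present in the issued certificate.
openssl x509 -req -days 365 -sha256 -in redis.csr \
  -CA ca.crt -CAkey ca.key -CAcreateserial -out redis.crt \
  -extfile <(printf '%s\n' 'subjectAltName=DNS:localhost')

# Combine the key and certificate into a single PEM file
cat redis.crt redis.key > redis.pem

# Set appropriate permissions (already implied by the umask; kept explicit)
chmod 600 ca.key ca.crt redis.key redis.pem

# Clean up intermediate files
rm -- redis.csr

printf '%s\n' "TLS certificates and Certificate Authority generated successfully for Redis server running on localhost."

# The original passed --tls-port twice (6379, then 16379); only the port the
# client below connects to is kept.
# NOTE(review): no --port option is given, so the plaintext listener stays on
# its default port next to the TLS one. Pass "--port 0" if only TLS should be
# reachable.
# NOTE(review): --tls-auth-clients no means the server does not authenticate
# clients by certificate. Do not carry that setting beyond a local test.
redis-server \
  --tls-port "$TLS_PORT" \
  --tls-key-file "$TLS_DIR/redis.key" \
  --tls-cert-file "$TLS_DIR/redis.crt" \
  --tls-ca-cert-file "$TLS_DIR/ca.crt" \
  --tls-auth-clients no \
  --daemonize yes

# The client reuses the server's key pair as its client certificate, which is
# a test shortcut only. The daemonized server may not be accepting
# connections yet, so retry the ping briefly instead of failing on the first
# refused connection.
attempt=0
until redis-cli --tls \
  --cacert "$TLS_DIR/ca.crt" \
  --cert "$TLS_DIR/redis.crt" \
  --key "$TLS_DIR/redis.key" \
  -p "$TLS_PORT" ping; do
  attempt=$((attempt + 1))
  if ((attempt >= 10)); then
    printf 'redis-server did not answer a TLS ping on port %s\n' "$TLS_PORT" >&2
    exit 1
  fi
  sleep 0.5
done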