56quarters.xyz
mtop: top for Memcached
1#!/usr/bin/env bash
2
3set -o xtrace
4set -o errexit
5
6# From https://mariadb.com/docs/xpand/security/data-in-transit-encryption/create-self-signed-certificates-keys-openssl/
7
8# From https://docs.joshuatz.com/cheatsheets/security/self-signed-ssl-certs/#openssl---generating-self-signed-cert-without-prompts
9
10# CA private key and cert
11openssl req \
12 -newkey rsa:4096 -x509 -nodes -days 10000 -sha256 \
13 -subj "/C=US/ST=MA/L=Boston/O=mtop/OU=test/CN=memcached-ca" \
14 -keyout memcached-ca-key.pem -out memcached-ca-cert.pem
15
16# server private key and cert
17openssl req \
18 -newkey rsa:4096 -x509 -nodes -days 10000 -sha256 \
19 -subj "/C=US/ST=MA/L=Boston/O=mtop/OU=test/CN=memcached-server" \
20 -addext "basicConstraints=critical, CA:false" \
21 -addext "subjectAltName = DNS:localhost, DNS:memcached-server, IP:127.0.0.1" \
22 -keyout memcached-server-key.pem -out memcached-server-cert.pem \
23 -CA memcached-ca-cert.pem -CAkey memcached-ca-key.pem
24
25# client private key and cert
26openssl req \
27 -newkey rsa:4096 -x509 -nodes -days 10000 -sha256 \
28 -subj "/C=US/ST=MA/L=Boston/O=mtop/OU=test/CN=memcached-client" \
29 -addext "basicConstraints=critical, CA:false" \
30 -addext "subjectAltName = DNS:localhost, DNS:memcached-client, IP:127.0.0.1" \
31 -keyout memcached-client-key.pem -out memcached-client-cert.pem \
32 -CA memcached-ca-cert.pem -CAkey memcached-ca-key.pem
33
34# verify server
35openssl verify -CAfile memcached-ca-cert.pem memcached-ca-cert.pem memcached-server-cert.pem
36
37# verify client
38openssl verify -CAfile memcached-ca-cert.pem memcached-ca-cert.pem memcached-client-cert.pem