
Service Mesh

STunnel Service Mesh

CA

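# Create the CA private key. The subshell umask makes the new file readable by
# its owner only; a plain shell redirect would inherit the default umask
# (commonly leaving the key world-readable).
(umask 077 && openssl genpkey -algorithm ED448 -out ca.key)

# Self-signed CA certificate, valid for 7300 days.
# -nodes has no effect here: the key is read with -key, not generated by req.
# NOTE(review): EdDSA signs without a separate digest, so -sha256 is presumably
# ignored for an ED448 key; confirm with your OpenSSL version.
openssl req -days 7300 -sha256 -nodes -new -x509 \
  -key ca.key \
  -out ca.crt \
  -subj "/CN=Touille default CA"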

Client certificate

Preparation work

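# Working directory for the new client certificate.
mkdir new-client-cert/
# Only the public CA certificate and the openssl config are copied;
# ca.key stays in ca/ and is never placed next to client material.
cp ca/ca.crt ca/openssl.cnf new-client-cert/
# The following steps read openssl.cnf from the current directory and later
# refer to ../ca, so they must run from inside new-client-cert/.
cd new-client-cert/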

Generate a heavy key

Use Docker if your local openssl does not support ED448.

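# Generate the client private key inside a throwaway container.
# - "${PWD}:/src" is quoted so a path containing spaces still mounts correctly.
# - --rm removes the container once the command finishes.
# - umask 077 creates client.key with owner-only permissions.
# With a rootful Docker daemon the key ends up owned by root on the host;
# chown it to the account that runs stunnel before use.
docker run --rm -it -v "${PWD}:/src" ubuntu:20.04 \
  bash -c "apt update && apt install -y openssl && umask 077 && openssl genpkey -algorithm ED448 -out /src/client.key"
# Without Docker, when the local openssl supports ED448:
# (umask 077 && openssl genpkey -algorithm ED448 -out client.key)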

Generate CSR

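# Build the certificate signing request from the client key.
# docker run starts in the image's default working directory, not in /src, so
# every input and output path is given under the /src mount; with bare file
# names openssl would not find client.key or openssl.cnf and the CSR would
# never reach the host.
docker run --rm -it -v "${PWD}:/src" ubuntu:20.04 \
  bash -c "apt update && apt install -y openssl && openssl req -new -sha256 -out /src/client.csr -key /src/client.key -config /src/openssl.cnf"
# Only the CSR goes to the CA; client.key stays in this directory.
cp client.csr ../ca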

Signing the CSR using a CA

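# Sign from inside the CA directory; the mount below exposes ca.key to the container.
cd ../ca
# NOTE(review): this container holds the CA private key while it runs apt over
# the network as root. Prefer an image that already ships openssl, pinned by
# digest, so nothing is downloaded while the key is mounted.
# openssl x509 -req does not carry over extensions requested in the CSR; add
# -extfile/-extensions if the client certificate needs any (e.g. extendedKeyUsage).
docker run --rm -it -v "${PWD}:/src" ubuntu:20.04 \
  bash -c "apt update && apt install -y openssl &&
     openssl x509 -req -days 1460 -in /src/client.csr -CA /src/ca.crt -CAkey /src/ca.key -CAcreateserial -out /src/client.crt"
# The client directory was created as new-client-cert/ in the preparation step.
mv client.crt ../new-client-cert/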