Posted to notifications@couchdb.apache.org by "rnewson (via GitHub)" <gi...@apache.org> on 2023/05/23 14:42:18 UTC

[GitHub] [couchdb] rnewson commented on a diff in pull request #4575: TLS: add {verify, verify_peer} to enable verification for OTP 26

rnewson commented on code in PR #4575:
URL: https://github.com/apache/couchdb/pull/4575#discussion_r1202462414


##########
dev/gen_certs.sh:
##########
@@ -0,0 +1,57 @@
+#!/bin/bash
+set -e
+
+devdir="$(
+  cd "${0%/*}" 2>/dev/null
+  echo "$PWD"
+)"
+mkdir -p ${devdir}/certs
+
+if [ ! -z "$1" ]; then
+  HOST=$1
+else
+  HOST=$(hostname -f)
+fi
+
+if [ ! -e "${devdir}/certs/ca-cert.pem" ]; then
+  cd ${devdir}/certs
+  echo "Make sure to use different values for the Common Name (FQDN) in CA certificate and certificate."
+
+  echo "Generate CA Certificate:"
+  openssl genrsa 2048 >ca-key.pem
+  openssl req -new -x509 -nodes -days 3650 -key ca-key.pem -out ca-cert.pem -subj "/CN=couch"
+
+  echo "Generate Server Certificate:"
+  openssl req -newkey rsa:2048 -nodes -days 3650 -keyout s-key.pem -out s-req.pem -subj "/CN=$HOST"
+  openssl x509 -req -days 3650 -set_serial 01 -in s-req.pem -out s-cert.pem -CA ca-cert.pem -CAkey ca-key.pem
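
Review bot: `openssl genrsa 2048 >ca-key.pem` writes the CA private key through a shell redirect, so the file's permissions come from the caller's umask and the key can end up group- or world-readable. Setting `umask 077` before the key-generation commands would cover both `ca-key.pem` and `s-key.pem`. Separately, `mkdir -p ${devdir}/certs` and `cd ${devdir}/certs` leave `${devdir}` unquoted even though the assignment above quotes it, so a checkout path containing spaces breaks the script. The `-days 3650` on the `openssl req -newkey` line also has no effect, because that command emits a request (`s-req.pem`), not a certificate; the validity is set by the `openssl x509 -req -days 3650` line that follows.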

Review Comment:
   If these are the per-node certificates, I think we only need one certificate (the node is a client and a server depending on viewpoint) with a CN of the Erlang node name.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
