EOF

# Create a certificate authority
openssl genrsa -out CAKey.pem 2048
openssl req -x509 -new -nodes -key CAKey.pem -days 100000 -out CACert.pem -subj "/CN=${CN_BASE}_ca"

# Create a second certificate authority
openssl genrsa -out BadCAKey.pem 2048
openssl req -x509 -new -nodes -key BadCAKey.pem -days 100000 -out BadCACert.pem -subj "/CN=${CN_BASE}_ca"

# Create a server certiticate
openssl genrsa -out ServerKey.pem 2048

extendedKeyUsage = clientAuth
EOF

# Create a certificate authority
openssl genrsa -out caKey.pem 2048
openssl req -x509 -new -nodes -key caKey.pem -days 100000 -out caCert.pem -subj "/CN=webhook_imagepolicy_ca"

# Create a second certificate authority
openssl genrsa -out badCAKey.pem 2048
openssl req -x509 -new -nodes -key badCAKey.pem -days 100000 -out badCACert.pem -subj "/CN=webhook_imagepolicy_ca"

openssl genrsa -out "${WD}/clientA.key" 2048
openssl req -new -key "${WD}/clientA.key" -out "${WD}/clientA.csr" -subj "/CN=*.example.com" -config "${WD}/client.conf"
openssl x509 -req -days 3650 -CA "${WD}/rootA.crt" -CAkey "${WD}/rootA.key" -set_serial 0 -in "${WD}/clientA.csr" -out "${WD}/clientA.crt" -extensions v3_req -extfile "${WD}/client.conf"

openssl genrsa -out "${WD}/serverA.key" 2048

		-in $< -out $@

root-cert.csr: root-key.pem root-ca.conf
	@echo "generating $@"
	@openssl req -sha256 -new -key $< -config root-ca.conf -out $@

root-key.pem:
	@echo "generating $@"
	@openssl genrsa -out $@ 4096
#------------------------------------------------------------------------
##<name>-cacerts: generate self signed intermediate certificates for <name> and store them under <name> directory.
.PHONY: %-cacerts

# Create a certificate authority
openssl genrsa -out caKey.pem 2048
openssl req -x509 -new -nodes -key caKey.pem -days 100000 -out caCert.pem -subj "/CN=webhook_authz_ca"

# Create a second certificate authority
openssl genrsa -out badCAKey.pem 2048
openssl req -x509 -new -nodes -key badCAKey.pem -days 100000 -out badCACert.pem -subj "/CN=webhook_authz_ca"

# Create a server certiticate
openssl genrsa -out serverKey.pem 2048

# Root CA
#openssl genrsa -out root-key.pem 4096
openssl req -new -key root-key.pem -out root-cert.csr -sha256 <<EOF
US
California
Sunnyvale
Istio
Test
Root CA
******@****.***


EOF
openssl x509 -req -days 3650 -in root-cert.csr -sha256 -signkey root-key.pem -out root-cert.pem

# Intermediate CA
#openssl genrsa -out int-key.pem 4096

subjectAltName = @alt_names
[alt_names]
IP.1 = 127.0.0.1
EOF

# Create a certificate authority
openssl genrsa -out caKey.pem 2048
openssl req -x509 -new -nodes -key caKey.pem -days 100000 -out caCert.pem -subj "/CN=${CN_BASE}_ca"

# Create a second certificate authority
openssl genrsa -out badCAKey.pem 2048
openssl req -x509 -new -nodes -key badCAKey.pem -days 100000 -out badCACert.pem -subj "/CN=${CN_BASE}_ca"

keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth, serverAuth
subjectAltName = @alt_names
[alt_names]
DNS = cluster.local
EOF

# Create a certificate authority
openssl genrsa -out "${WD}/pilot/ca-key.pem" 2048
openssl req -x509 -new -nodes -key "${WD}/pilot/ca-key.pem" -days 100000 -out "${WD}/pilot/root-cert.pem" -subj "/CN=cluster.local"
cp "${WD}/pilot/root-cert.pem" "${WD}/default/root-cert.pem"

[alt_names]
IP.1 = 127.0.0.1
IP.2 = ::1
EOF

outfile=testcerts.go

# Create a certificate authority
openssl genrsa -out CAKey.pem 2048
openssl req -x509 -new -nodes -key CAKey.pem -days 100000 -out CACert.pem -subj "/CN=${CN_BASE}_ca"

# Create a server certificate
openssl genrsa -out ServerKey.pem 2048
openssl req -new -key ServerKey.pem -out server.csr -subj "/CN=${CN_BASE}_server" -config server.conf

# Self-signed certificates

    openssl genrsa -out cert.key 2048
    openssl req -new -x509 -sha256 -key cert.key -out cert.crt -days 3650

For the common name, please type the following FQDN: