zekiunal · July 3, 2017 10:51
diff --git a/vault_init_ca.sh b/vault_init_ca.sh
 #!/bin/bash -e

 # Pre-requiresites:
 # > Vault server
 # > exported VAULT_ADDR and VAULT_TOKEN
 # > vault cli
 # > httpie (https://github.com/jkbrzt/httpie)
 # > jq (https://stedolan.github.io/jq/)

 # CA 
 vault mount -path=rafpe_ca -description="rafpe Root CA" -max-lease-ttl=175200h pki
 http POST "$VAULT_ADDR/v1/rafpe_ca/root/generate/exported" X-Vault-Token:$VAULT_TOKEN common_name="RafPe Root CA" ttl="175200h" > root_ca.json
 cat root_ca.json | jq -r .data.certificate > root_ca.pem
 cat root_ca.json | jq -r .data.private_key > root_ca.key

 # Mount intermediate
 vault mount -path=rafpe_intermediate -description="rafpe intermediate CA" -max-lease-ttl=8760h pki

 # Configure URLs 
 vault write rafpe_intermediate/config/urls crl_distribution_points="https://vault.rafpe.ninja/v1/rafpe_intermediate/crl"
 vault write rafpe_intermediate/config/urls issuing_certificates="https://vault.rafpe.ninja/v1/rafpe_intermediate"

 # Generate CSRs for intermediate 
 http POST "$VAULT_ADDR/v1/rafpe_intermediate/intermediate/generate/exported" X-Vault-Token:$VAULT_TOKEN common_name='rafpe intermediate CA' ttl="8760h" exclude_cn_from_sans="true" > intermediate.json
 cat intermediate.json | jq -r .data.csr > intermediate.csr
 cat intermediate.json | jq -r .data.private_key > intermediate.key

 # Sign intermediate
 http POST "$VAULT_ADDR/v1/rafpe_ca/root/sign-intermediate" X-Vault-Token:$VAULT_TOKEN common_name='rafpe intermediate CA' ttl="8760h" [email protected] > signed_intermediate.json
 cat signed_intermediate.json| jq -r .data.certificate > intermediate.cert

 # Set signed cert for intermediate
 vault write rafpe_intermediate/intermediate/set-signed [email protected]
	#!/bin/bash -e

	# Pre-requiresites:
	# > Vault server
	# > exported VAULT_ADDR and VAULT_TOKEN
	# > vault cli
	# > httpie (https://github.com/jkbrzt/httpie)
	# > jq (https://stedolan.github.io/jq/)

	# CA
	vault mount -path=rafpe_ca -description="rafpe Root CA" -max-lease-ttl=175200h pki
	http POST "$VAULT_ADDR/v1/rafpe_ca/root/generate/exported" X-Vault-Token:$VAULT_TOKEN common_name="RafPe Root CA" ttl="175200h" > root_ca.json
	cat root_ca.json \| jq -r .data.certificate > root_ca.pem
	cat root_ca.json \| jq -r .data.private_key > root_ca.key

	# Mount intermediate
	vault mount -path=rafpe_intermediate -description="rafpe intermediate CA" -max-lease-ttl=8760h pki

	# Configure URLs
	vault write rafpe_intermediate/config/urls crl_distribution_points="https://vault.rafpe.ninja/v1/rafpe_intermediate/crl"
	vault write rafpe_intermediate/config/urls issuing_certificates="https://vault.rafpe.ninja/v1/rafpe_intermediate"

	# Generate CSRs for intermediate
	http POST "$VAULT_ADDR/v1/rafpe_intermediate/intermediate/generate/exported" X-Vault-Token:$VAULT_TOKEN common_name='rafpe intermediate CA' ttl="8760h" exclude_cn_from_sans="true" > intermediate.json
	cat intermediate.json \| jq -r .data.csr > intermediate.csr
	cat intermediate.json \| jq -r .data.private_key > intermediate.key

	# Sign intermediate
	http POST "$VAULT_ADDR/v1/rafpe_ca/root/sign-intermediate" X-Vault-Token:$VAULT_TOKEN common_name='rafpe intermediate CA' ttl="8760h" [email protected] > signed_intermediate.json
	cat signed_intermediate.json\| jq -r .data.certificate > intermediate.cert

	# Set signed cert for intermediate
	vault write rafpe_intermediate/intermediate/set-signed [email protected]