|
|
@ -153,11 +153,12 @@ EOF |
|
|
|
step ca init --deployment-type=standalone --name="Kaz CA" --dns="ca.mica.sns" --acme --address=":443" --provisioner="contact@kaz.sns" --password-file="/root/ca-passwordfile" |
|
|
|
|
|
|
|
mkdir -p /root/tls |
|
|
|
cp /root/.step/certs/root_ca.crt /root/tls/ |
|
|
|
cp /root/.step/secrets/root_ca_key /root/tls/ |
|
|
|
step crypto change-pass /root/tls/root_ca_key --no-password --insecure --password-file="/root/ca-passwordfile" --force |
|
|
|
cp /root/.step/certs/root_ca.crt /root/tls/root_ca.crt |
|
|
|
chmod 644 /root/tls/root_ca.crt |
|
|
|
cp /root/.step/secrets/root_ca_key /root/tls/root_ca.key |
|
|
|
step crypto change-pass /root/tls/root_ca.key --no-password --insecure --password-file="/root/ca-passwordfile" --force |
|
|
|
|
|
|
|
step certificate create "*.kaz.sns" /root/tls/wildcard.crt /root/tls/wildcard.key --profile leaf --ca /root/.step/certs/intermediate_ca.crt --ca-key /root/.step/secrets/intermediate_ca_key --ca-password-file /root/ca-passwordfile --bundle --force --no-password --insecure |
|
|
|
step certificate create "*.kaz.sns" /root/tls/wildcard.crt /root/tls/wildcard.key --profile leaf --ca /root/.step/certs/intermediate_ca.crt --ca-key /root/.step/secrets/intermediate_ca_key --ca-password-file /root/ca-passwordfile --bundle --force --no-password --insecure --not-after 20000h |
|
|
|
|
|
|
|
# Cache docker registry |
|
|
|
echo "proxy: |
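Review bot: `/root/tls/root_ca.key` ends up as the root CA private key with its passphrase stripped (`--no-password --insecure`), yet the only `chmod` added here covers the certificate, so the key's mode depends on whatever `cp` and `step crypto change-pass --force` happen to leave behind. If a plaintext root key is really required in `/root/tls`, pin it with `chmod 600 /root/tls/root_ca.key` right after the `change-pass` line and add a comment such as `# unencrypted root key: required by <consumer>, keep out of backups and images`; if nothing consumes it, drop the copy and ship only `root_ca.crt`. The new `--not-after 20000h` gives the `*.kaz.sns` wildcard about 833 days of validity with an unencrypted key, so a leaked `wildcard.key` stays usable for that long unless clients actually check revocation. Since `step ca init` already enables `--acme`, a shorter lifetime with automated renewal would shrink that window. The script continues before and after this hunk, so later handling of `/root/tls` is not visible here.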
|
|
|