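#!/bin/bash
#
# Generates a throwaway PKI for local mTLS testing: a self-signed root CA,
# a server certificate for localhost and a client certificate for one agent.
# All output goes to ./certs, resolved against the current working directory.
#
# Re-running the script overwrites ca.key and ca.crt, so certificates issued
# by an earlier run no longer validate against the new CA.
# Every private key, including the CA key, is written unencrypted into the
# same directory. Keep that layout to local testing; a CA key that must
# outlive the test run belongs somewhere the server and agent cannot read.

# Abort on a failed command, on an unset variable, and on a failure in any
# stage of a pipeline.
set -euo pipefail

CERT_DIR="./certs"
mkdir -p "$CERT_DIR"

# Remove the intermediate CSR/extension files on every exit path, so a failed
# run does not leave them behind. Only the files this script creates are
# named; other *.csr / *.ext files in the directory are left alone.
cleanup() {
    rm -f -- "$CERT_DIR/server.csr" "$CERT_DIR/client.csr" \
        "$CERT_DIR/server.ext" "$CERT_DIR/client.ext"
}
trap cleanup EXIT

echo "🔐 Generating Root CA..."
# 1. Generate Root CA Key
openssl genrsa -out "$CERT_DIR/ca.key" 4096
# Owner-only access is set explicitly: the mode of a key file that already
# existed is not changed by overwriting it, and the mode of a new file
# depends on the openssl build and the caller's umask.
chmod 600 "$CERT_DIR/ca.key"
# 2. Generate Root CA Certificate (Self-signed)
# -sha256 pins the signature digest instead of relying on the openssl default.
openssl req -new -x509 -sha256 -days 365 -key "$CERT_DIR/ca.key" -out "$CERT_DIR/ca.crt" \
    -subj "/C=US/ST=CA/L=SF/O=Cortex/CN=CortexRootCA"

echo "🖥️ Generating Server Certificate..."
# 3. Generate Server Private Key
openssl genrsa -out "$CERT_DIR/server.key" 2048
chmod 600 "$CERT_DIR/server.key"
# 4. Generate Server Certificate Signing Request (CSR)
openssl req -new -key "$CERT_DIR/server.key" -out "$CERT_DIR/server.csr" \
    -subj "/C=US/ST=CA/L=SF/O=Cortex/CN=localhost"
# 5. Sign Server CSR with Root CA
# The extension file marks the certificate as a leaf (CA:FALSE), limits it to
# TLS server authentication, and carries the SAN entries for localhost that
# hostname verification checks.
printf '%s\n' \
    "basicConstraints = CA:FALSE" \
    "keyUsage = digitalSignature, keyEncipherment" \
    "extendedKeyUsage = serverAuth" \
    "subjectAltName = DNS:localhost, IP:127.0.0.1" \
    > "$CERT_DIR/server.ext"
# The serial is fixed. That is sufficient while each run creates a fresh CA
# and issues exactly these two certificates; a CA that issues more needs
# unique serials.
openssl x509 -req -sha256 -days 365 -in "$CERT_DIR/server.csr" \
    -CA "$CERT_DIR/ca.crt" -CAkey "$CERT_DIR/ca.key" -set_serial 01 \
    -out "$CERT_DIR/server.crt" -extfile "$CERT_DIR/server.ext"

echo "🤖 Generating Client Certificate..."
# 6. Generate Client Private Key
openssl genrsa -out "$CERT_DIR/client.key" 2048
chmod 600 "$CERT_DIR/client.key"
# 7. Generate Client CSR
openssl req -new -key "$CERT_DIR/client.key" -out "$CERT_DIR/client.csr" \
    -subj "/C=US/ST=CA/L=SF/O=Cortex/CN=agent-node-007"
# 8. Sign Client CSR with Root CA
# Without an extension file the client certificate carries no constraints at
# all. The file marks it as a leaf and limits it to TLS client
# authentication, so the agent credential is not accepted as a server
# certificate by verifiers that enforce extended key usage.
printf '%s\n' \
    "basicConstraints = CA:FALSE" \
    "keyUsage = digitalSignature" \
    "extendedKeyUsage = clientAuth" \
    > "$CERT_DIR/client.ext"
openssl x509 -req -sha256 -days 365 -in "$CERT_DIR/client.csr" \
    -CA "$CERT_DIR/ca.crt" -CAkey "$CERT_DIR/ca.key" -set_serial 02 \
    -out "$CERT_DIR/client.crt" -extfile "$CERT_DIR/client.ext"

echo "✅ Certificates and keys generated in $CERT_DIR"
# Temporary CSR/EXT files are removed by the EXIT trap installed above.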