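# Private PKI for the VPN: a self-signed root CA and one certificate signed by it.
#
# Security notes:
#   - private_key_pem of every tls_private_key is kept unencrypted in the
#     Terraform state, so the state backend needs the same protection as the
#     keys themselves (encryption at rest, restricted access).
#   - Keys and certificates are written under ${path.module}/certs; keep that
#     directory out of version control.

# Root CA private key.
# rsa_bits is not set, so the provider's default RSA key size applies.
resource "tls_private_key" "server_ca_private_key" {
  algorithm = "RSA"
}

# Export the CA private key to disk.
# file_permission is set explicitly because local_file defaults to "0777"
# (before umask), which normally leaves the key readable by other local users.
# NOTE(review): signing below reads the key from the tls_private_key resource,
# not from this file, so nothing in this configuration needs the exported copy.
# Confirm something else consumes it, otherwise drop this resource.
resource "local_file" "server_ca_key" {
  content         = tls_private_key.server_ca_private_key.private_key_pem
  filename        = "${path.module}/certs/ServerCA.key"
  file_permission = "0600"
}

# Self-signed root CA certificate, limited to signing certificates and CRLs.
resource "tls_self_signed_cert" "server_ca_cert" {
  private_key_pem   = tls_private_key.server_ca_private_key.private_key_pem
  is_ca_certificate = true

  subject {
    country             = "IN"
    province            = "Mahrashatra"
    locality            = "Mumbai"
    common_name         = "VPN Server Root CA"
    organization        = "VPN Server Solutions Pvt Ltd."
    organizational_unit = "VPN Server Root Certification Auhtority"
  }

  validity_period_hours = 43800 # 1825 days (5 years)

  allowed_uses = [
    "digital_signature",
    "cert_signing",
    "crl_signing",
  ]
}

# Export the CA certificate (public material).
resource "local_file" "server_ca_cert" {
  content  = tls_self_signed_cert.server_ca_cert.cert_pem
  filename = "${path.module}/certs/ServerCA.cert"
}

# Private key for the client certificate.
resource "tls_private_key" "client" {
  algorithm = "RSA"
}

# Export the client private key, owner-readable only (see the note on
# file_permission for the CA key above: the default is "0777" before umask).
resource "local_file" "client_key" {
  content         = tls_private_key.client.private_key_pem
  filename        = "${path.module}/certs/client.key"
  file_permission = "0600"
}

# CSR for the client certificate.
resource "tls_cert_request" "client_request" {
  private_key_pem = tls_private_key.client.private_key_pem

  subject {
    country             = "IN"
    province            = "Mahrashatra"
    locality            = "Mumbai"
    common_name         = "VPN Server Internal"
    organization        = "VPN Server Solutions"
    organizational_unit = "Development"
  }
}

# Sign the CSR with the private CA.
# NOTE(review): this certificate is named "client" but carries both server_auth
# and client_auth, and its common_name reads "VPN Server Internal". If it is
# used in only one role, remove the other extended key usage. The leaf also
# shares the CA's 5-year validity; a shorter lifetime limits exposure if
# client.key leaks.
resource "tls_locally_signed_cert" "client_cert" {
  # CSR produced from the client key
  cert_request_pem = tls_cert_request.client_request.cert_request_pem
  # CA private key, taken from the resource rather than the exported file
  ca_private_key_pem = tls_private_key.server_ca_private_key.private_key_pem
  # CA certificate
  ca_cert_pem = tls_self_signed_cert.server_ca_cert.cert_pem

  validity_period_hours = 43800 # 1825 days (5 years)

  allowed_uses = [
    "digital_signature",
    "key_encipherment",
    "server_auth",
    "client_auth",
  ]
}

# Export the signed certificate (public material).
resource "local_file" "cm_internal_cert" {
  content  = tls_locally_signed_cert.client_cert.cert_pem
  filename = "${path.module}/certs/client.cert"
}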