mirror of
https://github.com/sigp/lighthouse.git
synced 2026-03-09 11:41:51 +00:00
286b67f048
https://github.com/sigp/lighthouse/issues/8756 Only the Web3Signer actually needs OpenSSL in order to parse PKCS12 certificates. This updates the function to instead manually parse the cert (using the `p12-keystore` crate) and converts it to a `PEM` certificate (using the `pem` crate) which can be directly converted to a `reqwest::tls::Identity` as this can be done directly in `rustls`. Co-Authored-By: Mac L <mjladson@pm.me>
13 lines
1022 B
Bash
Executable File
13 lines
1022 B
Bash
Executable File
#!/bin/bash
|
|
|
|
# We specify `-days 825` when generating the certificate files because Apple requires TLS server certificates to have a
|
|
# validity period of 825 days or fewer.
|
|
# See https://github.com/sigp/lighthouse/issues/6442#issuecomment-2474979183
|
|
|
|
openssl req -x509 -sha256 -nodes -days 825 -newkey rsa:4096 -keyout web3signer/key.key -out web3signer/cert.pem -config web3signer/config &&
|
|
openssl pkcs12 -export -out web3signer/key.p12 -inkey web3signer/key.key -in web3signer/cert.pem -password pass:$(cat web3signer/password.txt) &&
|
|
cp web3signer/cert.pem lighthouse/web3signer.pem &&
|
|
openssl req -x509 -sha256 -nodes -days 825 -newkey rsa:4096 -keyout lighthouse/key.key -out lighthouse/cert.pem -config lighthouse/config &&
|
|
openssl pkcs12 -export -out lighthouse/key.p12 -inkey lighthouse/key.key -in lighthouse/cert.pem -password pass:$(cat lighthouse/password.txt) &&
|
|
openssl x509 -noout -fingerprint -sha256 -inform pem -in lighthouse/cert.pem | cut -b 20-| sed "s/^/lighthouse /" > web3signer/known_clients.txt
|