hack/tls-setup/README.md - external/github.com/coreos/etcd - Git at Google

 This demonstrates using Cloudflare's [cfssl](https://github.com/cloudflare/cfssl) to easily generate certificates for an etcd cluster.

 Defaults generate an ECDSA-384 root and leaf certificates for `localhost`. etcd nodes will use the same certificates for both sides of mutual authentication, but won't require client certs for non-peer clients.

 **Instructions**

 1. Install git, go, and make
 2. Amend https://github.com/coreos/etcd/blob/master/hack/tls-setup/config/req-csr.json - IP's currently in the config should be replaced/added with IP addresses of each cluster node, please note 127.0.0.1 is always required for loopback purposes:
 ```json
 Example:
 {
   "CN": "etcd",
   "hosts": [
     "3.8.121.201",
     "46.4.19.20",
     "127.0.0.1"
   ],
   "key": {
     "algo": "ecdsa",
     "size": 384
   },
   "names": [
     {
       "O": "autogenerated",
       "OU": "etcd cluster",
       "L": "the internet"
     }
   ]
 }
 ```
 3. Run `make` to generate the certs
	This demonstrates using Cloudflare's [cfssl](https://github.com/cloudflare/cfssl) to easily generate certificates for an etcd cluster.

	Defaults generate an ECDSA-384 root and leaf certificates for `localhost`. etcd nodes will use the same certificates for both sides of mutual authentication, but won't require client certs for non-peer clients.

	Instructions

	1. Install git, go, and make
	2. Amend https://github.com/coreos/etcd/blob/master/hack/tls-setup/config/req-csr.json - IP's currently in the config should be replaced/added with IP addresses of each cluster node, please note 127.0.0.1 is always required for loopback purposes:
	```json
	Example:
	{
	"CN": "etcd",
	"hosts": [
	"3.8.121.201",
	"46.4.19.20",
	"127.0.0.1"
	],
	"key": {
	"algo": "ecdsa",
	"size": 384
	},
	"names": [
	{
	"O": "autogenerated",
	"OU": "etcd cluster",
	"L": "the internet"
	}
	]
	}
	```
	3. Run `make` to generate the certs