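#!/bin/sh
# gencert.sh - create a private "HyperApp" root CA with GnuTLS certtool and use
# it to issue a server certificate and, optionally, a PKCS#12 client bundle.
#
# Usage: CA_ROOT=/path/to/certs gencert.sh DOMAIN [USERNAME PASSWORD]
# Env:   CA_ROOT - directory holding the CA and every issued certificate
# Outputs (inside CA_ROOT):
#   hyperapp-ca-key.pem, hyperapp-ca-cert.pem        root CA (created once)
#   DOMAIN.self-signed.key, DOMAIN.self-signed.crt   server key and certificate
#   USERNAME@DOMAIN-key.pem, -cert.pem, .p12         client key, cert and bundle
#
# Files that already exist are left alone; delete them to force regeneration.
# The client bundle is only produced when both USERNAME and PASSWORD are given.
set -eu

# Print an error on stderr and stop.
die() {
  printf '[ERROR] %s\n' "$*" >&2
  exit 1
}

# reject_unsafe LABEL VALUE
# DOMAIN and USERNAME are copied into the certtool templates inside double
# quotes and into output file names. A quote or line break would end the quoted
# field so that the rest of the value is read as further template directives,
# changing what the CA signs; a slash would move the output outside CA_ROOT.
# Backslash is refused as well to stay on the safe side of the template parser.
reject_unsafe() {
  case $2 in
    *[[:cntrl:]]* | *\"* | *\\* | */*)
      die "$1 must not contain control characters, quotes, backslashes or slashes"
      ;;
  esac
}

# Remove the generated templates on every exit path, including failures.
cleanup() {
  rm -f hyperapp-ca.tmpl hyperapp-server.tmpl hyperapp-client.tmpl
}

CERTS_DIR=${CA_ROOT:?CA_ROOT must point to the certificate directory}
DOMAIN=${1:-}
USERNAME=""
PASSWORD=""
CLIENT=""

[ -n "$DOMAIN" ] || die "usage: CA_ROOT=<dir> $0 DOMAIN [USERNAME PASSWORD]"
reject_unsafe "DOMAIN" "$DOMAIN"

if [ -n "${2:-}" ] && [ -n "${3:-}" ]; then
  USERNAME=$2
  PASSWORD=$3
  reject_unsafe "USERNAME" "$USERNAME"
  CLIENT="${USERNAME}@${DOMAIN}"
fi

mkdir -p -- "$CERTS_DIR"
cd -- "$CERTS_DIR"
trap cleanup EXIT

cat > hyperapp-ca.tmpl <<_EOF_
cn = "HyperApp Root CA"
organization = "HyperApp"
serial = 1
expiration_days = 3650
ca
signing_key
cert_signing_key
crl_signing_key
_EOF_

# No fixed serial here: this template is reused for every domain, and two
# certificates from the same CA must not share a serial number. certtool is
# left to choose one, as the client template below already does.
cat > hyperapp-server.tmpl <<_EOF_
cn = "${DOMAIN}"
dns_name = "${DOMAIN}"
organization = "HyperApp"
expiration_days = 3650
encryption_key
signing_key
tls_www_server
_EOF_

cat > hyperapp-client.tmpl <<_EOF_
cn = "${CLIENT}"
uid = "${CLIENT}"
unit = "HyperApp"
expiration_days = 3650
signing_key
tls_www_client
_EOF_

# All existence checks use paths relative to the current directory. The working
# directory is already CA_ROOT, so prefixing CA_ROOT again would miss the files
# whenever CA_ROOT is a relative path and silently regenerate the CA key.
if [ ! -f ./hyperapp-ca-key.pem ]; then
  echo "[INFO] generating root CA"
  certtool --generate-privkey \
    --outfile hyperapp-ca-key.pem
  certtool --generate-self-signed \
    --load-privkey hyperapp-ca-key.pem \
    --template hyperapp-ca.tmpl \
    --outfile hyperapp-ca-cert.pem
fi

if [ ! -f "./${DOMAIN}.self-signed.crt" ]; then
  echo "[INFO] generating ${DOMAIN} certs"
  certtool --generate-privkey \
    --outfile "${DOMAIN}.self-signed.key"
  certtool --generate-certificate \
    --load-privkey "${DOMAIN}.self-signed.key" \
    --load-ca-certificate hyperapp-ca-cert.pem \
    --load-ca-privkey hyperapp-ca-key.pem \
    --template hyperapp-server.tmpl \
    --outfile "${DOMAIN}.self-signed.crt"
fi

if [ -n "$CLIENT" ] && [ ! -f "./${CLIENT}.p12" ]; then
  echo "[INFO] generating client certs"
  certtool --generate-privkey \
    --outfile "${CLIENT}-key.pem"
  certtool --generate-certificate \
    --load-privkey "${CLIENT}-key.pem" \
    --load-ca-certificate hyperapp-ca-cert.pem \
    --load-ca-privkey hyperapp-ca-key.pem \
    --template hyperapp-client.tmpl \
    --outfile "${CLIENT}-cert.pem"
  # NOTE(review): the bundle password reaches this script and certtool as a
  # command-line argument, so other local users can read it from the process
  # list while the commands run. Changing that means changing how callers
  # supply the password, so it is only flagged here.
  # NOTE(review): 3des-pkcs12 is a legacy PKCS#12 cipher, presumably kept so
  # older clients can import the bundle. Confirm client support before moving
  # to one of certtool's AES options.
  certtool --to-p12 \
    --pkcs-cipher 3des-pkcs12 \
    --load-ca-certificate hyperapp-ca-cert.pem \
    --load-certificate "${CLIENT}-cert.pem" \
    --load-privkey "${CLIENT}-key.pem" \
    --outfile "${CLIENT}.p12" \
    --outder \
    --p12-name "${DOMAIN}" \
    --password "${PASSWORD}"
fi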