add root user check +refactor
parent
4567ffc5d7
commit
3aa403691c
83
gencert.sh
83
gencert.sh
@ -20,6 +20,9 @@ print_help() {
|
||||
--cadays - CA cert expiration in days\t(default: 3650)\n"
|
||||
}
|
||||
|
||||
# Parse command line arguments
|
||||
##
|
||||
|
||||
# A POSIX variable
|
||||
OPTIND=1 # Reset in case getopts has been used previously in the shell.
|
||||
|
||||
@ -96,6 +99,9 @@ fi
|
||||
# echo ARG_CA=$ARG_CA
|
||||
# echo ARG_CADAYS=$ARG_CADAYS
|
||||
|
||||
# prepare common variables
|
||||
##
|
||||
|
||||
OPENSSL_CONFIG="openssl.cnf"
|
||||
CA_KEY="${ARG_CAKEY:-ca.key}"
|
||||
CA_CERT="${ARG_CA:-ca.crt}"
|
||||
@ -107,6 +113,46 @@ DAYS="${ARG_DAYS:-365}"
|
||||
# set -x
|
||||
set -e
|
||||
|
||||
# install openssl
|
||||
##
|
||||
|
||||
install_openssl() {
|
||||
set +e
|
||||
type openssl >/dev/null 2>&1
|
||||
if [ $? -eq 0 ]; then
|
||||
return;
|
||||
fi
|
||||
|
||||
if [ $(id -u) -ne 0 ]; then
|
||||
echo "This script must be run as root in order to install openssl package."
|
||||
echo "If you cannot run this script as root, then make sure you have the openssl package."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -f /etc/debian_version ]; then
|
||||
echo "[${ME}] Installing openssl in Debian/Ubuntu"
|
||||
export DEBIAN_FRONTEND=noninteractive
|
||||
apt-get update
|
||||
apt-get -y install openssl
|
||||
elif [ -f /etc/alpine-release ]; then
|
||||
echo "[${ME}] Installing openssl in Alpine"
|
||||
apk add --update openssl
|
||||
elif [ -f /etc/centos-release ]; then
|
||||
echo "[${ME}] Installing openssl in CentOS"
|
||||
yum -y install openssl
|
||||
fi
|
||||
|
||||
type openssl >/dev/null
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "[${ME}] ERROR: Could not install openssl. Exitting."
|
||||
exit 1
|
||||
fi
|
||||
set -e
|
||||
}
|
||||
|
||||
# generate openssl config
|
||||
##
|
||||
|
||||
gen_openssl_config() {
|
||||
OPENSSL_CONFIG_CONTENT="[ req ]
|
||||
distinguished_name = req_distinguished_name
|
||||
@ -131,6 +177,9 @@ subjectAltName = @alt_names
|
||||
printf "${OPENSSL_CONFIG_CONTENT}\n${PAYLOAD}\n" > "${OPENSSL_CONFIG}"
|
||||
}
|
||||
|
||||
# generate CA certificate
|
||||
##
|
||||
|
||||
gen_ca() {
|
||||
echo "[${ME}] Generating new CA: ${CA_KEY} / ${CA_CERT} ..."
|
||||
openssl ecparam -name prime256v1 -genkey -noout -out "${CA_KEY}"
|
||||
@ -139,6 +188,9 @@ gen_ca() {
|
||||
-subj "/CN=my-CA" -extensions v3_ca -config "${OPENSSL_CONFIG}"
|
||||
}
|
||||
|
||||
# generate server certificate
|
||||
##
|
||||
|
||||
gen_server_x509() {
|
||||
echo "[${ME}] Generating new server x509: ${SERVER_KEY} / ${SERVER_CERT} ..."
|
||||
openssl ecparam -name prime256v1 -genkey -noout -out "${SERVER_KEY}"
|
||||
@ -149,34 +201,6 @@ gen_server_x509() {
|
||||
-extensions v3_req_server -extfile "${OPENSSL_CONFIG}"
|
||||
}
|
||||
|
||||
install_openssl() {
|
||||
set +e
|
||||
type openssl >/dev/null 2>&1
|
||||
if [ $? -eq 0 ]; then
|
||||
return;
|
||||
fi
|
||||
|
||||
if [ -f /etc/debian_version ]; then
|
||||
echo "[${ME}] Installing openssl in Debian/Ubuntu"
|
||||
export DEBIAN_FRONTEND=noninteractive
|
||||
apt-get update
|
||||
apt-get -y install openssl
|
||||
elif [ -f /etc/alpine-release ]; then
|
||||
echo "[${ME}] Installing openssl in Alpine"
|
||||
apk add --update openssl
|
||||
elif [ -f /etc/centos-release ]; then
|
||||
echo "[${ME}] Installing openssl in CentOS"
|
||||
yum -y install openssl
|
||||
fi
|
||||
|
||||
type openssl >/dev/null
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "[${ME}] ERROR: Could not install openssl. Exitting."
|
||||
exit 1
|
||||
fi
|
||||
set -e
|
||||
}
|
||||
|
||||
start() {
|
||||
echo "[${ME}] Started in ${PWD} directory."
|
||||
|
||||
@ -208,4 +232,7 @@ start() {
|
||||
echo "${CERT_INFO}" | grep -E "CN=|IP Address|Not\ "
|
||||
}
|
||||
|
||||
# script starts here
|
||||
##
|
||||
|
||||
start;
|
||||
|
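Review bot: In the relocated `install_openssl`, the early `return;` taken when `type openssl` succeeds leaves the function's opening `set +e` in effect, because the restoring `set -e` sits only at the very end of the function. The call site in `start()` is outside the visible hunks, but if `install_openssl` runs before `gen_ca` and `gen_server_x509`, a failed `openssl` key or certificate step would no longer abort the script on the common path where openssl is already installed. Testing the command inside the condition avoids toggling errexit for the probe, e.g. `if type openssl >/dev/null 2>&1; then return; fi`; at minimum, add `set -e` immediately before `return;`. The two new root-check messages are also written to stdout although they precede `exit 1`; append `>&2` to both `echo` lines and quote the substitution as `[ "$(id -u)" -ne 0 ]`.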