|
|
|
@ -20,6 +20,9 @@ print_help() {
|
|
|
|
|
--cadays - CA cert expiration in days\t(default: 3650)\n"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Parse command line arguments
|
|
|
|
|
##
|
|
|
|
|
|
|
|
|
|
# A POSIX variable
|
|
|
|
|
OPTIND=1 # Reset in case getopts has been used previously in the shell.
|
|
|
|
|
|
|
|
|
@ -96,6 +99,9 @@ fi
|
|
|
|
|
# echo ARG_CA=$ARG_CA
|
|
|
|
|
# echo ARG_CADAYS=$ARG_CADAYS
|
|
|
|
|
|
|
|
|
|
# prepare common variables
|
|
|
|
|
##
|
|
|
|
|
|
|
|
|
|
OPENSSL_CONFIG="openssl.cnf"
|
|
|
|
|
CA_KEY="${ARG_CAKEY:-ca.key}"
|
|
|
|
|
CA_CERT="${ARG_CA:-ca.crt}"
|
|
|
|
@ -107,6 +113,46 @@ DAYS="${ARG_DAYS:-365}"
|
|
|
|
|
# set -x
|
|
|
|
|
set -e
|
|
|
|
|
|
|
|
|
|
# install openssl
|
|
|
|
|
##
|
|
|
|
|
|
|
|
|
|
install_openssl() {
|
|
|
|
|
set +e
|
|
|
|
|
type openssl >/dev/null 2>&1
|
|
|
|
|
if [ $? -eq 0 ]; then
|
|
|
|
|
return;
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if [ $(id -u) -ne 0 ]; then
|
|
|
|
|
echo "This script must be run as root in order to install openssl package."
|
|
|
|
|
echo "If you cannot run this script as root, then make sure you have the openssl package."
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if [ -f /etc/debian_version ]; then
|
|
|
|
|
echo "[${ME}] Installing openssl in Debian/Ubuntu"
|
|
|
|
|
export DEBIAN_FRONTEND=noninteractive
|
|
|
|
|
apt-get update
|
|
|
|
|
apt-get -y install openssl
|
|
|
|
|
elif [ -f /etc/alpine-release ]; then
|
|
|
|
|
echo "[${ME}] Installing openssl in Alpine"
|
|
|
|
|
apk add --update openssl
|
|
|
|
|
elif [ -f /etc/centos-release ]; then
|
|
|
|
|
echo "[${ME}] Installing openssl in CentOS"
|
|
|
|
|
yum -y install openssl
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
type openssl >/dev/null
|
|
|
|
|
if [ $? -ne 0 ]; then
|
|
|
|
|
echo "[${ME}] ERROR: Could not install openssl. Exitting."
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
set -e
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# generate openssl config
|
|
|
|
|
##
|
|
|
|
|
|
|
|
|
|
gen_openssl_config() {
|
|
|
|
|
OPENSSL_CONFIG_CONTENT="[ req ]
|
|
|
|
|
distinguished_name = req_distinguished_name
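Review bot: The early `return;` taken right after `set +e` when `type openssl` succeeds leaves errexit switched off for the rest of the script in the common case where openssl is already installed, so later failures in the openssl calls no longer abort the run — `set -e` is only restored at the bottom of install_openssl. Probe for the binary before dropping errexit, e.g. replace the `set +e` / `type` / `if … return` sequence with `command -v openssl >/dev/null 2>&1 && return` and keep `set +e` only around the package-manager section. The new `id -u` check is right to refuse rather than attempt the install, but its messages and the later "Could not install" line should go to stderr (`>&2`) so they are not mistaken for script output. The same early-return problem is present in the old copy this commit removes, so moving the function kept it rather than introduced it.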
|
|
|
|
@ -131,6 +177,9 @@ subjectAltName = @alt_names
|
|
|
|
|
printf "${OPENSSL_CONFIG_CONTENT}\n${PAYLOAD}\n" > "${OPENSSL_CONFIG}"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# generate CA certificate
|
|
|
|
|
##
|
|
|
|
|
|
|
|
|
|
gen_ca() {
|
|
|
|
|
echo "[${ME}] Generating new CA: ${CA_KEY} / ${CA_CERT} ..."
|
|
|
|
|
openssl ecparam -name prime256v1 -genkey -noout -out "${CA_KEY}"
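Review bot: `printf "${OPENSSL_CONFIG_CONTENT}\n${PAYLOAD}\n"` uses the config text itself as the printf format string, so any `%` or backslash sequence in it is interpreted rather than written literally; `PAYLOAD` appears to carry the subjectAltName entries and is built outside this hunk, so a `%` in a caller-supplied SAN value would corrupt or truncate the generated openssl.cnf. Pass the data as arguments instead: `printf '%s\n%s\n' "${OPENSSL_CONFIG_CONTENT}" "${PAYLOAD}" > "${OPENSSL_CONFIG}"`. The file is also written to a relative `openssl.cnf` in the current directory, so a pre-existing file of that name is silently overwritten. gen_openssl_config begins before this hunk, and which of these lines the commit adds versus keeps as context is not visible here.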
|
|
|
|
@ -139,6 +188,9 @@ gen_ca() {
|
|
|
|
|
-subj "/CN=my-CA" -extensions v3_ca -config "${OPENSSL_CONFIG}"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# generate server certificate
|
|
|
|
|
##
|
|
|
|
|
|
|
|
|
|
gen_server_x509() {
|
|
|
|
|
echo "[${ME}] Generating new server x509: ${SERVER_KEY} / ${SERVER_CERT} ..."
|
|
|
|
|
openssl ecparam -name prime256v1 -genkey -noout -out "${SERVER_KEY}"
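Review bot: The server private key written by `openssl ecparam … -out "${SERVER_KEY}"` — and the CA key generated the same way in gen_ca a few lines earlier — is created with the process's default umask, which on most systems leaves the key world-readable; the CA key in particular should never be. Set `umask 077` once before the first key is written (or at the top of gen_ca and gen_server_x509), or follow each genkey with `chmod 600 -- "${SERVER_KEY}"`. gen_server_x509's body continues past the end of this hunk, and the commit's own additions in gen_ca are not visible here, so this is a note on the surrounding code rather than on the lines being changed.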
|
|
|
|
@ -149,34 +201,6 @@ gen_server_x509() {
|
|
|
|
|
-extensions v3_req_server -extfile "${OPENSSL_CONFIG}"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
install_openssl() {
|
|
|
|
|
set +e
|
|
|
|
|
type openssl >/dev/null 2>&1
|
|
|
|
|
if [ $? -eq 0 ]; then
|
|
|
|
|
return;
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if [ -f /etc/debian_version ]; then
|
|
|
|
|
echo "[${ME}] Installing openssl in Debian/Ubuntu"
|
|
|
|
|
export DEBIAN_FRONTEND=noninteractive
|
|
|
|
|
apt-get update
|
|
|
|
|
apt-get -y install openssl
|
|
|
|
|
elif [ -f /etc/alpine-release ]; then
|
|
|
|
|
echo "[${ME}] Installing openssl in Alpine"
|
|
|
|
|
apk add --update openssl
|
|
|
|
|
elif [ -f /etc/centos-release ]; then
|
|
|
|
|
echo "[${ME}] Installing openssl in CentOS"
|
|
|
|
|
yum -y install openssl
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
type openssl >/dev/null
|
|
|
|
|
if [ $? -ne 0 ]; then
|
|
|
|
|
echo "[${ME}] ERROR: Could not install openssl. Exitting."
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
set -e
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
start() {
|
|
|
|
|
echo "[${ME}] Started in ${PWD} directory."
|
|
|
|
|
|
|
|
|
@ -208,4 +232,7 @@ start() {
|
|
|
|
|
echo "${CERT_INFO}" | grep -E "CN=|IP Address|Not\ "
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# script starts here
|
|
|
|
|
##
|
|
|
|
|
|
|
|
|
|
start;
|
|
|
|
|