|
|
|
@ -2,7 +2,7 @@
|
|
|
|
|
# Filename: gencert.sh
|
|
|
|
|
# Description: This script generates x509 server certificate (with all IPs in
|
|
|
|
|
# SAN) signed by a self-signed CA.
|
|
|
|
|
# Version: 1.1 - 2018 July 15
|
|
|
|
|
# Version: 1.2 - 2018 July 15
|
|
|
|
|
# Author: Andrey Arapov <andrey.arapov@nixaid.com>
|
|
|
|
|
# License: GPLv3
|
|
|
|
|
|
|
|
|
@ -18,113 +18,120 @@ print_help() {
|
|
|
|
|
--cakey - CA key name\t\t\t(default: ca.key)
|
|
|
|
|
--ca - CA cert name\t\t\t(default: ca.crt)
|
|
|
|
|
--cadays - CA cert expiration in days\t(default: 3650)\n
|
|
|
|
|
--nosan - do not write SAN records\n"
|
|
|
|
|
--nosan - do not write SAN records\n
|
|
|
|
|
--debug - show extra information\n"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Parse command line arguments
|
|
|
|
|
##
|
|
|
|
|
|
|
|
|
|
# A POSIX variable
|
|
|
|
|
OPTIND=1 # Reset in case getopts has been used previously in the shell.
|
|
|
|
|
|
|
|
|
|
# read arguments
|
|
|
|
|
opts=$(getopt \
|
|
|
|
|
--longoptions "help,cn:,key:,cert:,days:,cakey:,ca:,cadays:,nosan," \
|
|
|
|
|
--name "$(basename "$0")" \
|
|
|
|
|
--options "" \
|
|
|
|
|
-- "$@"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
eval set --$opts
|
|
|
|
|
|
|
|
|
|
while [ $# -gt 0 ]; do
|
|
|
|
|
case "$1" in
|
|
|
|
|
--help)
|
|
|
|
|
print_help;
|
|
|
|
|
exit 0
|
|
|
|
|
;;
|
|
|
|
|
|
|
|
|
|
--cn)
|
|
|
|
|
ARG_CN=$2
|
|
|
|
|
shift 2
|
|
|
|
|
;;
|
|
|
|
|
|
|
|
|
|
--key)
|
|
|
|
|
ARG_KEY=$2
|
|
|
|
|
shift 2
|
|
|
|
|
;;
|
|
|
|
|
|
|
|
|
|
--cert)
|
|
|
|
|
ARG_CERT=$2
|
|
|
|
|
shift 2
|
|
|
|
|
;;
|
|
|
|
|
|
|
|
|
|
--days)
|
|
|
|
|
ARG_DAYS=$2
|
|
|
|
|
shift 2
|
|
|
|
|
;;
|
|
|
|
|
|
|
|
|
|
--cakey)
|
|
|
|
|
ARG_CAKEY=$2
|
|
|
|
|
shift 2
|
|
|
|
|
;;
|
|
|
|
|
|
|
|
|
|
--ca)
|
|
|
|
|
ARG_CA=$2
|
|
|
|
|
shift 2
|
|
|
|
|
;;
|
|
|
|
|
|
|
|
|
|
--cadays)
|
|
|
|
|
ARG_CADAYS=$2
|
|
|
|
|
shift 2
|
|
|
|
|
;;
|
|
|
|
|
|
|
|
|
|
--nosan)
|
|
|
|
|
ARG_NOSAN=1
|
|
|
|
|
shift 2
|
|
|
|
|
;;
|
|
|
|
|
|
|
|
|
|
*)
|
|
|
|
|
break
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
if [ -z "${ARG_CN}" ]; then
|
|
|
|
|
echo "[${ME}] ERROR: Please specify CN, example \"--cn your.site.com\""
|
|
|
|
|
print_help;
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# For debugging purposes
|
|
|
|
|
# echo ARG_CN=$ARG_CN
|
|
|
|
|
# echo ARG_KEY=$ARG_KEY
|
|
|
|
|
# echo ARG_CERT=$ARG_CERT
|
|
|
|
|
# echo ARG_DAYS=$ARG_DAYS
|
|
|
|
|
# echo ARG_CAKEY=$ARG_CAKEY
|
|
|
|
|
# echo ARG_CA=$ARG_CA
|
|
|
|
|
# echo ARG_CADAYS=$ARG_CADAYS
|
|
|
|
|
# echo ARG_NOSAN=$ARG_NOSAN
|
|
|
|
|
|
|
|
|
|
# prepare common variables
|
|
|
|
|
##
|
|
|
|
|
|
|
|
|
|
OPENSSL_CONFIG="openssl.cnf"
|
|
|
|
|
CA_KEY="${ARG_CAKEY:-ca.key}"
|
|
|
|
|
CA_CERT="${ARG_CA:-ca.crt}"
|
|
|
|
|
CA_DAYS="${ARG_CADAYS:-3650}"
|
|
|
|
|
SERVER_KEY="${ARG_KEY:-private.key}"
|
|
|
|
|
SERVER_CERT="${ARG_CERT:-public.crt}"
|
|
|
|
|
DAYS="${ARG_DAYS:-365}"
|
|
|
|
|
|
|
|
|
|
# set -x
|
|
|
|
|
set -e
|
|
|
|
|
parse_arguments() {
|
|
|
|
|
# A POSIX variable
|
|
|
|
|
OPTIND=1 # Reset in case getopts has been used previously in the shell.
|
|
|
|
|
|
|
|
|
|
# read arguments
|
|
|
|
|
opts=$(getopt \
|
|
|
|
|
--longoptions "help,cn:,key:,cert:,days:,cakey:,ca:,cadays:,nosan,debug" \
|
|
|
|
|
--name "$(basename "$0")" \
|
|
|
|
|
--options "" \
|
|
|
|
|
-- "$@"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
eval set --$opts
|
|
|
|
|
|
|
|
|
|
while [ $# -gt 0 ]; do
|
|
|
|
|
case "$1" in
|
|
|
|
|
--help)
|
|
|
|
|
print_help;
|
|
|
|
|
exit 0
|
|
|
|
|
;;
|
|
|
|
|
|
|
|
|
|
--cn)
|
|
|
|
|
ARG_CN=$2
|
|
|
|
|
shift 2
|
|
|
|
|
;;
|
|
|
|
|
|
|
|
|
|
--key)
|
|
|
|
|
ARG_KEY=$2
|
|
|
|
|
shift 2
|
|
|
|
|
;;
|
|
|
|
|
|
|
|
|
|
--cert)
|
|
|
|
|
ARG_CERT=$2
|
|
|
|
|
shift 2
|
|
|
|
|
;;
|
|
|
|
|
|
|
|
|
|
--days)
|
|
|
|
|
ARG_DAYS=$2
|
|
|
|
|
shift 2
|
|
|
|
|
;;
|
|
|
|
|
|
|
|
|
|
--cakey)
|
|
|
|
|
ARG_CAKEY=$2
|
|
|
|
|
shift 2
|
|
|
|
|
;;
|
|
|
|
|
|
|
|
|
|
--ca)
|
|
|
|
|
ARG_CA=$2
|
|
|
|
|
shift 2
|
|
|
|
|
;;
|
|
|
|
|
|
|
|
|
|
--cadays)
|
|
|
|
|
ARG_CADAYS=$2
|
|
|
|
|
shift 2
|
|
|
|
|
;;
|
|
|
|
|
|
|
|
|
|
--nosan)
|
|
|
|
|
ARG_NOSAN=1
|
|
|
|
|
shift 2
|
|
|
|
|
;;
|
|
|
|
|
|
|
|
|
|
--debug)
|
|
|
|
|
ARG_DEBUG=1
|
|
|
|
|
shift 2
|
|
|
|
|
;;
|
|
|
|
|
|
|
|
|
|
*)
|
|
|
|
|
break
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
if [ -z "${ARG_CN}" ]; then
|
|
|
|
|
echo "[${ME}] ERROR: Please specify CN, example \"--cn your.site.com\""
|
|
|
|
|
print_help;
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# For debugging purposes
|
|
|
|
|
if [ $ARG_DEBUG -eq 1 ]; then
|
|
|
|
|
echo ARG_CN=$ARG_CN
|
|
|
|
|
echo ARG_KEY=$ARG_KEY
|
|
|
|
|
echo ARG_CERT=$ARG_CERT
|
|
|
|
|
echo ARG_DAYS=$ARG_DAYS
|
|
|
|
|
echo ARG_CAKEY=$ARG_CAKEY
|
|
|
|
|
echo ARG_CA=$ARG_CA
|
|
|
|
|
echo ARG_CADAYS=$ARG_CADAYS
|
|
|
|
|
echo ARG_NOSAN=$ARG_NOSAN
|
|
|
|
|
echo ARG_DEBUG=$ARG_DEBUG
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# prepare common variables
|
|
|
|
|
##
|
|
|
|
|
|
|
|
|
|
OPENSSL_CONFIG="openssl.cnf"
|
|
|
|
|
CA_KEY="${ARG_CAKEY:-ca.key}"
|
|
|
|
|
CA_CERT="${ARG_CA:-ca.crt}"
|
|
|
|
|
CA_DAYS="${ARG_CADAYS:-3650}"
|
|
|
|
|
SERVER_KEY="${ARG_KEY:-private.key}"
|
|
|
|
|
SERVER_CERT="${ARG_CERT:-public.crt}"
|
|
|
|
|
DAYS="${ARG_DAYS:-365}"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# install openssl
|
|
|
|
|
##
|
|
|
|
|
|
|
|
|
|
has_openssl() {
|
|
|
|
|
set +e
|
|
|
|
|
type openssl >/dev/null 2>&1
|
|
|
|
|
if [ $? -eq 0 ]; then
|
|
|
|
|
return;
|
|
|
|
@ -154,14 +161,12 @@ has_openssl() {
|
|
|
|
|
echo "[${ME}] ERROR: Could not install openssl. Exitting."
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
set -e
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# install getopt
|
|
|
|
|
##
|
|
|
|
|
|
|
|
|
|
has_getopt() {
|
|
|
|
|
set +e
|
|
|
|
|
type getopt >/dev/null 2>&1
|
|
|
|
|
if [ $? -eq 0 ]; then
|
|
|
|
|
return;
|
|
|
|
@ -192,7 +197,6 @@ has_getopt() {
|
|
|
|
|
echo "[${ME}] ERROR: Could not install getopt. Exitting."
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
set -e
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# generate openssl config
|
|
|
|
@ -250,8 +254,11 @@ gen_server_x509() {
|
|
|
|
|
start() {
|
|
|
|
|
echo "[${ME}] Started in ${PWD} directory."
|
|
|
|
|
|
|
|
|
|
has_openssl;
|
|
|
|
|
has_getopt;
|
|
|
|
|
has_openssl;
|
|
|
|
|
|
|
|
|
|
parse_arguments "$@";
|
|
|
|
|
|
|
|
|
|
gen_openssl_config;
|
|
|
|
|
|
|
|
|
|
if [ ! -f "${CA_KEY}" ]; then
|
|
|
|
@ -282,4 +289,4 @@ start() {
|
|
|
|
|
# script starts here
|
|
|
|
|
##
|
|
|
|
|
|
|
|
|
|
start;
|
|
|
|
|
start "$@";
|
|
|
|
|
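Review bot: The new debug gate `if [ $ARG_DEBUG -eq 1 ]; then` in parse_arguments tests ARG_DEBUG unquoted and uninitialised, so every run that does not pass --debug makes `[` report `-eq: unary operator expected` on stderr and silently takes the false branch; it should read `if [ "${ARG_DEBUG:-0}" -eq 1 ]; then` (or ARG_DEBUG should be set to 0 before the option loop). The new `--debug)` arm also does `shift 2` although `debug` is declared without an argument in the --longoptions list, so the token after --debug (typically the next option, e.g. --cn) is discarded and the loop falls into the `*) break` arm; that arm should `shift` by one, and the pre-existing `--nosan)` arm kept on the new side has the same defect. The exit status of getopt is still not checked after `opts=$(getopt ...)`, so an unknown option appears to end the script only through set -e with getopt's own message; appending `|| { print_help; exit 1; }` to that assignment would make the failure explicit and keep the usage text in the output. parse_arguments lies entirely within the second hunk of gencert.sh; the has_openssl, has_getopt and start hunks only reorder or add calls and do not change these lines.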