This commit is contained in:
Andy 2018-07-15 20:17:18 +02:00
parent 987ce068f4
commit 6b47f6be4d
Signed by: arno
GPG Key ID: 9076D5E6B31AE99C
2 changed files with 110 additions and 103 deletions


@ -2,7 +2,7 @@
# Filename: gencert.sh # Filename: gencert.sh
# Description: This script generates x509 server certificate (with all IPs in # Description: This script generates x509 server certificate (with all IPs in
# SAN) signed by a self-signed CA. # SAN) signed by a self-signed CA.
# Version: 1.1 - 2018 July 15 # Version: 1.2 - 2018 July 15
# Author: Andrey Arapov <andrey.arapov@nixaid.com> # Author: Andrey Arapov <andrey.arapov@nixaid.com>
# License: GPLv3 # License: GPLv3
@ -18,113 +18,120 @@ print_help() {
--cakey - CA key name\t\t\t(default: ca.key) --cakey - CA key name\t\t\t(default: ca.key)
--ca - CA cert name\t\t\t(default: ca.crt) --ca - CA cert name\t\t\t(default: ca.crt)
--cadays - CA cert expiration in days\t(default: 3650)\n --cadays - CA cert expiration in days\t(default: 3650)\n
--nosan - do not write SAN records\n" --nosan - do not write SAN records\n
--debug - show extra information\n"
} }
# Parse command line arguments # Parse command line arguments
## ##
# A POSIX variable parse_arguments() {
OPTIND=1 # Reset in case getopts has been used previously in the shell. # A POSIX variable
OPTIND=1 # Reset in case getopts has been used previously in the shell.
# read arguments
opts=$(getopt \
--longoptions "help,cn:,key:,cert:,days:,cakey:,ca:,cadays:,nosan,debug" \
--name "$(basename "$0")" \
--options "" \
-- "$@"
)
eval set --$opts
while [ $# -gt 0 ]; do
case "$1" in
--help)
print_help;
exit 0
;;
--cn)
ARG_CN=$2
shift 2
;;
--key)
ARG_KEY=$2
shift 2
;;
--cert)
ARG_CERT=$2
shift 2
;;
--days)
ARG_DAYS=$2
shift 2
;;
--cakey)
ARG_CAKEY=$2
shift 2
;;
--ca)
ARG_CA=$2
shift 2
;;
--cadays)
ARG_CADAYS=$2
shift 2
;;
--nosan)
ARG_NOSAN=1
shift 2
;;
# read arguments --debug)
opts=$(getopt \ ARG_DEBUG=1
--longoptions "help,cn:,key:,cert:,days:,cakey:,ca:,cadays:,nosan," \ shift 2
--name "$(basename "$0")" \ ;;
--options "" \
-- "$@" *)
) break
;;
eval set --$opts esac
done
while [ $# -gt 0 ]; do
case "$1" in if [ -z "${ARG_CN}" ]; then
--help) echo "[${ME}] ERROR: Please specify CN, example \"--cn your.site.com\""
print_help; print_help;
exit 0 exit 1
;; fi
--cn) # For debugging purposes
ARG_CN=$2 if [ $ARG_DEBUG -eq 1 ]; then
shift 2 echo ARG_CN=$ARG_CN
;; echo ARG_KEY=$ARG_KEY
echo ARG_CERT=$ARG_CERT
--key) echo ARG_DAYS=$ARG_DAYS
ARG_KEY=$2 echo ARG_CAKEY=$ARG_CAKEY
shift 2 echo ARG_CA=$ARG_CA
;; echo ARG_CADAYS=$ARG_CADAYS
echo ARG_NOSAN=$ARG_NOSAN
--cert) echo ARG_DEBUG=$ARG_DEBUG
ARG_CERT=$2 fi
shift 2
;; # prepare common variables
##
--days)
ARG_DAYS=$2 OPENSSL_CONFIG="openssl.cnf"
shift 2 CA_KEY="${ARG_CAKEY:-ca.key}"
;; CA_CERT="${ARG_CA:-ca.crt}"
CA_DAYS="${ARG_CADAYS:-3650}"
--cakey) SERVER_KEY="${ARG_KEY:-private.key}"
ARG_CAKEY=$2 SERVER_CERT="${ARG_CERT:-public.crt}"
shift 2 DAYS="${ARG_DAYS:-365}"
;; }
--ca)
ARG_CA=$2
shift 2
;;
--cadays)
ARG_CADAYS=$2
shift 2
;;
--nosan)
ARG_NOSAN=1
shift 2
;;
*)
break
;;
esac
done
if [ -z "${ARG_CN}" ]; then
echo "[${ME}] ERROR: Please specify CN, example \"--cn your.site.com\""
print_help;
exit 1
fi
# For debugging purposes
# echo ARG_CN=$ARG_CN
# echo ARG_KEY=$ARG_KEY
# echo ARG_CERT=$ARG_CERT
# echo ARG_DAYS=$ARG_DAYS
# echo ARG_CAKEY=$ARG_CAKEY
# echo ARG_CA=$ARG_CA
# echo ARG_CADAYS=$ARG_CADAYS
# echo ARG_NOSAN=$ARG_NOSAN
# prepare common variables
##
OPENSSL_CONFIG="openssl.cnf"
CA_KEY="${ARG_CAKEY:-ca.key}"
CA_CERT="${ARG_CA:-ca.crt}"
CA_DAYS="${ARG_CADAYS:-3650}"
SERVER_KEY="${ARG_KEY:-private.key}"
SERVER_CERT="${ARG_CERT:-public.crt}"
DAYS="${ARG_DAYS:-365}"
# set -x
set -e
# install openssl # install openssl
## ##
has_openssl() { has_openssl() {
set +e
type openssl >/dev/null 2>&1 type openssl >/dev/null 2>&1
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
return; return;
@ -154,14 +161,12 @@ has_openssl() {
echo "[${ME}] ERROR: Could not install openssl. Exitting." echo "[${ME}] ERROR: Could not install openssl. Exitting."
exit 1 exit 1
fi fi
set -e
} }
# install getopt # install getopt
## ##
has_getopt() { has_getopt() {
set +e
type getopt >/dev/null 2>&1 type getopt >/dev/null 2>&1
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
return; return;
@ -192,7 +197,6 @@ has_getopt() {
echo "[${ME}] ERROR: Could not install getopt. Exitting." echo "[${ME}] ERROR: Could not install getopt. Exitting."
exit 1 exit 1
fi fi
set -e
} }
# generate openssl config # generate openssl config
@ -250,8 +254,11 @@ gen_server_x509() {
start() { start() {
echo "[${ME}] Started in ${PWD} directory." echo "[${ME}] Started in ${PWD} directory."
has_openssl;
has_getopt; has_getopt;
has_openssl;
parse_arguments "$@";
gen_openssl_config; gen_openssl_config;
if [ ! -f "${CA_KEY}" ]; then if [ ! -f "${CA_KEY}" ]; then
@ -282,4 +289,4 @@ start() {
# script starts here # script starts here
## ##
start; start "$@";
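Review bot: The new debug check in parse_arguments, `if [ $ARG_DEBUG -eq 1 ]; then`, runs with ARG_DEBUG unset on every invocation that omits --debug (the normal case), so `[` sees `-eq 1` with no left operand and prints a "unary operator expected" error before the script continues; use `if [ "${ARG_DEBUG:-0}" -eq 1 ]; then` instead. In the same function the flag-only options `--nosan` and `--debug` do `shift 2` even though getopt emits them without an argument, so `--nosan --debug` drops `--debug` into the shift and it is never seen; both arms should `shift` once (`--nosan) ARG_NOSAN=1; shift ;;` and likewise for `--debug`). Since the `set -e` guards around the install helpers appear to be removed in this commit and the getopt result is fed to `eval set --`, the exit status of the `opts=$(getopt ...)` call should also be checked (e.g. `|| exit 1`) so an unrecognised option aborts rather than being silently ignored, though I cannot see from this page whether a top-level `set -e` still survives.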


@ -8,7 +8,7 @@ pushd "${TMPDIR}"
for DISTRO in alpine:3.4 alpine:3.7 ubuntu:bionic debian:stretch centos:7; do for DISTRO in alpine:3.4 alpine:3.7 ubuntu:bionic debian:stretch centos:7; do
printf "\n\n\nTesting the script with ${DISTRO} ...\n\n\n" printf "\n\n\nTesting the script with ${DISTRO} ...\n\n\n"
rm -vf openssl.cnf private.key public.crt ca.crt ca.key ca.srl rm -vf openssl.cnf private.key public.crt ca.crt ca.key ca.srl
docker run --rm -ti -v ${PWD}:/w -w /w ${DISTRO} sh gencert.sh --cn test.example.com docker run --rm -ti -v ${PWD}:/w -w /w ${DISTRO} sh gencert.sh --cn test.example.com --debug
printf "\n\n\n" printf "\n\n\n"
done done