arno
/
gencert
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fixes

Browse Source
master
Andy 6 years ago
parent 987ce068f4
commit 6b47f6be4d
Signed by: arno
GPG Key ID: 9076D5E6B31AE99C
2 changed files with 111 additions and 104 deletions
Show Stats Download Patch File Download Diff File

213
gencert.sh
Unescape View File

@ -2,7 +2,7 @@
# Filename: gencert.sh # Filename: gencert.sh
# Description: This script generates x509 server certificate (with all IPs in # Description: This script generates x509 server certificate (with all IPs in
# SAN) signed by a self-signed CA. # SAN) signed by a self-signed CA.
# Version: 1.1 - 2018 July 15 # Version: 1.2 - 2018 July 15
# Author: Andrey Arapov <andrey.arapov@nixaid.com> # Author: Andrey Arapov <andrey.arapov@nixaid.com>
# License: GPLv3 # License: GPLv3
@ -18,113 +18,120 @@ print_help() {
--cakey - CA key name\t\t\t(default: ca.key) --cakey - CA key name\t\t\t(default: ca.key)
--ca - CA cert name\t\t\t(default: ca.crt) --ca - CA cert name\t\t\t(default: ca.crt)
--cadays - CA cert expiration in days\t(default: 3650)\n --cadays - CA cert expiration in days\t(default: 3650)\n
--nosan - do not write SAN records\n" --nosan - do not write SAN records\n
--debug - show extra information\n"
} }
# Parse command line arguments # Parse command line arguments
## ##
# A POSIX variable parse_arguments() {
OPTIND=1 # Reset in case getopts has been used previously in the shell. # A POSIX variable
OPTIND=1 # Reset in case getopts has been used previously in the shell.
# read arguments
opts=$(getopt \ # read arguments
--longoptions "help,cn:,key:,cert:,days:,cakey:,ca:,cadays:,nosan," \ opts=$(getopt \
--name "$(basename "$0")" \ --longoptions "help,cn:,key:,cert:,days:,cakey:,ca:,cadays:,nosan,debug" \
--options "" \ --name "$(basename "$0")" \
-- "$@" --options "" \
) -- "$@"
)
eval set --$opts
eval set --$opts
while [ $# -gt 0 ]; do
case "$1" in while [ $# -gt 0 ]; do
--help) case "$1" in
print_help; --help)
exit 0 print_help;
;; exit 0
;;
--cn)
ARG_CN=$2 --cn)
shift 2 ARG_CN=$2
;; shift 2
;;
--key)
ARG_KEY=$2 --key)
shift 2 ARG_KEY=$2
;; shift 2
;;
--cert)
ARG_CERT=$2 --cert)
shift 2 ARG_CERT=$2
;; shift 2
;;
--days)
ARG_DAYS=$2 --days)
shift 2 ARG_DAYS=$2
;; shift 2
;;
--cakey)
ARG_CAKEY=$2 --cakey)
shift 2 ARG_CAKEY=$2
;; shift 2
;;
--ca)
ARG_CA=$2 --ca)
shift 2 ARG_CA=$2
;; shift 2
;;
--cadays)
ARG_CADAYS=$2 --cadays)
shift 2 ARG_CADAYS=$2
;; shift 2
;;
--nosan)
ARG_NOSAN=1 --nosan)
shift 2 ARG_NOSAN=1
;; shift 2
;;
*)
break --debug)
;; ARG_DEBUG=1
esac shift 2
done ;;
if [ -z "${ARG_CN}" ]; then *)
echo "[${ME}] ERROR: Please specify CN, example \"--cn your.site.com\"" break
print_help; ;;
exit 1 esac
fi done
# For debugging purposes if [ -z "${ARG_CN}" ]; then
# echo ARG_CN=$ARG_CN echo "[${ME}] ERROR: Please specify CN, example \"--cn your.site.com\""
# echo ARG_KEY=$ARG_KEY print_help;
# echo ARG_CERT=$ARG_CERT exit 1
# echo ARG_DAYS=$ARG_DAYS fi
# echo ARG_CAKEY=$ARG_CAKEY
# echo ARG_CA=$ARG_CA # For debugging purposes
# echo ARG_CADAYS=$ARG_CADAYS if [ $ARG_DEBUG -eq 1 ]; then
# echo ARG_NOSAN=$ARG_NOSAN echo ARG_CN=$ARG_CN
echo ARG_KEY=$ARG_KEY
# prepare common variables echo ARG_CERT=$ARG_CERT
## echo ARG_DAYS=$ARG_DAYS
echo ARG_CAKEY=$ARG_CAKEY
OPENSSL_CONFIG="openssl.cnf" echo ARG_CA=$ARG_CA
CA_KEY="${ARG_CAKEY:-ca.key}" echo ARG_CADAYS=$ARG_CADAYS
CA_CERT="${ARG_CA:-ca.crt}" echo ARG_NOSAN=$ARG_NOSAN
CA_DAYS="${ARG_CADAYS:-3650}" echo ARG_DEBUG=$ARG_DEBUG
SERVER_KEY="${ARG_KEY:-private.key}" fi
SERVER_CERT="${ARG_CERT:-public.crt}"
DAYS="${ARG_DAYS:-365}" # prepare common variables
##
# set -x
set -e OPENSSL_CONFIG="openssl.cnf"
CA_KEY="${ARG_CAKEY:-ca.key}"
CA_CERT="${ARG_CA:-ca.crt}"
CA_DAYS="${ARG_CADAYS:-3650}"
SERVER_KEY="${ARG_KEY:-private.key}"
SERVER_CERT="${ARG_CERT:-public.crt}"
DAYS="${ARG_DAYS:-365}"
}
# install openssl # install openssl
## ##
has_openssl() { has_openssl() {
set +e
type openssl >/dev/null 2>&1 type openssl >/dev/null 2>&1
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
return; return;
@ -154,14 +161,12 @@ has_openssl() {
echo "[${ME}] ERROR: Could not install openssl. Exitting." echo "[${ME}] ERROR: Could not install openssl. Exitting."
exit 1 exit 1
fi fi
set -e
} }
# install getopt # install getopt
## ##
has_getopt() { has_getopt() {
set +e
type getopt >/dev/null 2>&1 type getopt >/dev/null 2>&1
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
return; return;
@ -192,7 +197,6 @@ has_getopt() {
echo "[${ME}] ERROR: Could not install getopt. Exitting." echo "[${ME}] ERROR: Could not install getopt. Exitting."
exit 1 exit 1
fi fi
set -e
} }
# generate openssl config # generate openssl config
@ -250,8 +254,11 @@ gen_server_x509() {
start() { start() {
echo "[${ME}] Started in ${PWD} directory." echo "[${ME}] Started in ${PWD} directory."
has_openssl;
has_getopt; has_getopt;
has_openssl;
parse_arguments "$@";
gen_openssl_config; gen_openssl_config;
if [ ! -f "${CA_KEY}" ]; then if [ ! -f "${CA_KEY}" ]; then
@ -282,4 +289,4 @@ start() {
# script starts here # script starts here
## ##
start; start "$@";

2
testme.sh
Unescape View File

@ -8,7 +8,7 @@ pushd "${TMPDIR}"
for DISTRO in alpine:3.4 alpine:3.7 ubuntu:bionic debian:stretch centos:7; do for DISTRO in alpine:3.4 alpine:3.7 ubuntu:bionic debian:stretch centos:7; do
printf "\n\n\nTesting the script with ${DISTRO} ...\n\n\n" printf "\n\n\nTesting the script with ${DISTRO} ...\n\n\n"
rm -vf openssl.cnf private.key public.crt ca.crt ca.key ca.srl rm -vf openssl.cnf private.key public.crt ca.crt ca.key ca.srl
docker run --rm -ti -v ${PWD}:/w -w /w ${DISTRO} sh gencert.sh --cn test.example.com docker run --rm -ti -v ${PWD}:/w -w /w ${DISTRO} sh gencert.sh --cn test.example.com --debug
printf "\n\n\n" printf "\n\n\n"
done done

Write Preview
Loading…
Cancel
Save