arno
/
gencert
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

add --san-ip and few fixes

Browse Source
master
Andy 6 years ago
parent 63771f9837
commit 8c977cd3ed
Signed by: arno
GPG Key ID: 9076D5E6B31AE99C
1 changed files with 39 additions and 24 deletions
Show Stats Download Patch File Download Diff File

63
gencert.sh
Unescape View File

@ -19,6 +19,7 @@ print_help() {
--ca - CA cert name\t\t\t(default: ca.crt)
--cadays - CA cert expiration in days\t(default: 3650)\n
--nosan - do not write SAN records\n
--san-ip - specify custom SAN IP records manually. Implies --nosan\n
--debug - show extra information\n
--rsa - generate RSA keys instead of ECDSA\n
--rsa-size - set RSA key size\n"
@ -33,7 +34,7 @@ parse_arguments() {
# read arguments
opts=$(getopt \
--longoptions "help,cn:,key:,cert:,days:,cakey:,ca:,cadays:,nosan,debug,rsa,rsa-size:" \
--longoptions "help,cn:,key:,cert:,days:,cakey:,ca:,cadays:,nosan,san-ip:,debug,rsa,rsa-size:" \
--name "$(basename "$0")" \
--options "" \
-- "$@"
@ -88,6 +89,11 @@ parse_arguments() {
shift 1
;;
--san-ip)
ARG_SAN_IP=$2
shift 2
;;
--debug)
ARG_DEBUG=1
shift 1
@ -108,28 +114,7 @@ parse_arguments() {
;;
esac
done
if [ -z "${ARG_CN}" ]; then
echo "[${ME}] ERROR: Please specify CN, example \"--cn your.site.com\""
print_help;
exit 1
fi
# For debugging purposes
if [ "${ARG_DEBUG}" -eq 1 ]; then
echo ARG_CN=$ARG_CN
echo ARG_KEY=$ARG_KEY
echo ARG_CERT=$ARG_CERT
echo ARG_DAYS=$ARG_DAYS
echo ARG_CAKEY=$ARG_CAKEY
echo ARG_CA=$ARG_CA
echo ARG_CADAYS=$ARG_CADAYS
echo ARG_NOSAN=$ARG_NOSAN
echo ARG_DEBUG=$ARG_DEBUG
echo ARG_RSA=$ARG_RSA
echo ARG_RSA_SIZE=$ARG_RSA_SIZE
fi
# prepare common variables
##
@ -141,9 +126,33 @@ parse_arguments() {
SERVER_KEY="${ARG_KEY:-private.key}"
SERVER_CERT="${ARG_CERT:-public.crt}"
DAYS="${ARG_DAYS:-365}"
NOSAN="${ARG_NOSAN}"
SAN_IP="${ARG_SAN_IP}"
DEBUG="${ARG_DEBUG}"
RSA="${ARG_RSA}"
RSA_SIZE="${ARG_RSA_SIZE:-2048}"
if [ -z "${CN}" ]; then
echo "[${ME}] ERROR: Please specify CN, example \"--cn your.site.com\""
print_help;
exit 1
fi
# For debugging purposes
if [ "${DEBUG}" -eq 1 ]; then
echo CN=$CN
echo KEY=$KEY
echo CERT=$CERT
echo DAYS=$DAYS
echo CAKEY=$CAKEY
echo CA=$CA
echo CADAYS=$CADAYS
echo NOSAN=$NOSAN
echo SAN_IP=$SAN_IP
echo DEBUG=$DEBUG
echo RSA=$RSA
echo RSA_SIZE=$RSA_SIZE
fi
}
# install openssl
@ -232,7 +241,13 @@ basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth"
if [ -z "$ARG_NOSAN" ]; then
if [ ! -z "$SAN_IP" ]; then
echo "[${ME}] Using user-provided SAN records: " ${SAN_IP}
i=1
IFS=,
PAYLOAD="subjectAltName = @alt_names\n[ alt_names ]\n$(for IP in $SAN_IP; do echo "IP.${i} = ${IP}" ; i=$((i + 1)); done)"
unset IFS
elif [ -z "$NOSAN" ]; then
# Gather IPs for SAN
i=1

Write Preview
Loading…
Cancel
Save