|
|
|
@ -2,7 +2,7 @@
|
|
|
|
|
# Filename: gencert.sh
|
|
|
|
|
# Description: This script generates x509 server certificate (with all IPs in
|
|
|
|
|
# SAN) signed by a self-signed CA.
|
|
|
|
|
# Version: 1.0 - 2018 July 11
|
|
|
|
|
# Version: 1.1 - 2018 July 15
|
|
|
|
|
# Author: Andrey Arapov <andrey.arapov@nixaid.com>
|
|
|
|
|
# License: GPLv3
|
|
|
|
|
|
|
|
|
@ -123,7 +123,7 @@ set -e
|
|
|
|
|
# install openssl
|
|
|
|
|
##
|
|
|
|
|
|
|
|
|
|
install_openssl() {
|
|
|
|
|
has_openssl() {
|
|
|
|
|
set +e
|
|
|
|
|
type openssl >/dev/null 2>&1
|
|
|
|
|
if [ $? -eq 0 ]; then
|
|
|
|
@ -157,6 +157,44 @@ install_openssl() {
|
|
|
|
|
set -e
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# install getopt
|
|
|
|
|
##
|
|
|
|
|
|
|
|
|
|
has_getopt() {
|
|
|
|
|
set +e
|
|
|
|
|
type getopt >/dev/null 2>&1
|
|
|
|
|
if [ $? -eq 0 ]; then
|
|
|
|
|
return;
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if [ $(id -u) -ne 0 ]; then
|
|
|
|
|
echo "This script must be run as root in order to install getopt tool."
|
|
|
|
|
echo "If you cannot run this script as root, then make sure you have the getopt tool."
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if [ -f /etc/debian_version ]; then
|
|
|
|
|
echo "[${ME}] Installing getopt in Debian/Ubuntu"
|
|
|
|
|
export DEBIAN_FRONTEND=noninteractive
|
|
|
|
|
apt-get update
|
|
|
|
|
apt-get -y install util-linux
|
|
|
|
|
elif [ -f /etc/alpine-release ]; then
|
|
|
|
|
echo "[${ME}] Installing getopt in Alpine"
|
|
|
|
|
apk add --update busybox
|
|
|
|
|
ln -sv $(type -p busybox) /usr/bin/getopt
|
|
|
|
|
elif [ -f /etc/centos-release ]; then
|
|
|
|
|
echo "[${ME}] Installing getopt in CentOS"
|
|
|
|
|
yum -y install util-linux
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
type getopt >/dev/null
|
|
|
|
|
if [ $? -ne 0 ]; then
|
|
|
|
|
echo "[${ME}] ERROR: Could not install getopt. Exitting."
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
set -e
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# generate openssl config
|
|
|
|
|
##
|
|
|
|
|
|
|
|
|
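Review bot: The early `return;` in `has_getopt` fires after `set +e` but before the closing `set -e`, so on any host where getopt is already installed (the usual case) errexit stays disabled for the rest of the script. For a certificate generator that means a failing key or signing step later on would no longer abort the run, and the script could carry on with missing or partial CA/key files. Commands used as an `if` condition are already exempt from `set -e`, so the toggle is unnecessary: drop `set +e`/`set -e` and write `if type getopt >/dev/null 2>&1; then return; fi` at the top and `if ! type getopt >/dev/null 2>&1; then` for the final check. That also lets a failed `apt-get`, `apk` or `yum` stop the script at the point of failure. The visible start of `has_openssl` uses the same `set +e` / `$?` pattern and may have the same early-return problem, but its body is outside this hunk. Separately, the Alpine branch should quote the substitution, `ln -sv "$(type -p busybox)" /usr/bin/getopt`, so an empty or space-containing result does not change what `ln` links.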
@ -212,7 +250,8 @@ gen_server_x509() {
|
|
|
|
|
start() {
|
|
|
|
|
echo "[${ME}] Started in ${PWD} directory."
|
|
|
|
|
|
|
|
|
|
install_openssl;
|
|
|
|
|
has_openssl;
|
|
|
|
|
has_getopt;
|
|
|
|
|
gen_openssl_config;
|
|
|
|
|
|
|
|
|
|
if [ ! -f "${CA_KEY}" ]; then
|
|
|
|
|