Commit 93e642b6 authored by nimrod's avatar nimrod

Setting the domain seems to be reliable now (until I write a test case).

parent 16600664
#!/bin/sh -e #!/bin/sh -e
domain="$(basename $(pwd))" export domain="$(basename $PWD)"
default_config=\ seed="$(hexdump -n10 -e '10/1 "%02o" "\n"' /dev/urandom)"
config=\
"[ ca ] "[ ca ]
default_ca = CA_default default_ca = CA_default
[ CA_default ] [ CA_default ]
dir = . dir = $PWD
certs = certs certs = \$dir/certs
certificate = CA.crt certificate = \$dir/CA.crt
private_key = CA.key private_key = \$dir/CA.key
default_md = sha256 default_md = sha256
default_days = 365 default_days = 365
email_in_dn = no email_in_dn = no
RANDFILE = /dev/urandom
database = /dev/null
[ req ]
distinguished_name = req_distinguished_name
prompt = no
encrypt_key = no
default_md = sha256
default_bits = 2048
[ req_distinguished_name] [ req_distinguished_name]
#C = 2 letter country code #C = 2 letter country code
...@@ -21,57 +31,46 @@ email_in_dn = no ...@@ -21,57 +31,46 @@ email_in_dn = no
#O = Organization name #O = Organization name
#OU = Organizational unit #OU = Organizational unit
#emailAddress = email address #emailAddress = email address
#CN = *.*.$domain CN = *.*.\${ENV::domain}
"
[ req ]
distinguished_name = req_distinguished_name
prompt = no
encrypt_key = no
default_md = sha256
default_bits = 2048"
usage () { usage () {
echo "Usage: $0 init|gen|sign|resign" echo "Usage: $0 init|gen|sign|resign"
} }
init () { init () {
mkdir -p "certs" mkdir -p "certs" "keys"
mkdir -p "keys" echo "$config" > "openssl.cnf"
echo "$default_config" > "openssl.cnf"
openssl genrsa \ openssl genrsa \
-out CA.key -out CA.key
openssl req \ openssl req \
-x509 \ -x509 \
-config openssl.cnf \ -config openssl.cnf \
-new \ -new \
-subj "CN=*.*.$domain" \
-key CA.key \ -key CA.key \
-out CA.crt -out CA.crt
} }
sign_key () { sign_key () {
echo "Generating CSR for $1.$domain."
csr="$(mktemp -t ssl-ca)" csr="$(mktemp -t ssl-ca)"
export domain="$1.$domain"
openssl req \ openssl req \
-key keys/$1 \ -key keys/$1 \
-new \ -new \
-config openssl.cnf \ -config openssl.cnf \
-subj "/CN=*.*.$1.$domain" \
-out "$csr" -out "$csr"
echo "Generating cert for $1.$domain." fqdn="$1.$domain" openssl x509 \
openssl x509 \
-req \ -req \
-in "$csr" \ -in "$csr" \
-out "certs/$1" \ -out "certs/$1" \
-CA CA.crt \ -CA CA.crt \
-CAcreateserial \ -set_serial $seed \
-extensions v3_ca \ -extensions v3_ca \
-CAkey CA.key -CAkey CA.key
rm "$csr" rm "$csr"
} }
gen_key () { gen_key () {
echo "Generating key for $1.$domain."
openssl genrsa -out "keys/$1" openssl genrsa -out "keys/$1"
} }
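Review bot: `seed` is read from /dev/urandom once at the top of the script, so every `-set_serial $seed` in `sign_key` during one run passes the same serial number. If the dispatch code outside this view signs more than one key per invocation, the CA issues several certificates with the same issuer and serial, which RFC 5280 forbids and some TLS clients reject outright. Drawing the serial inside `sign_key` and quoting it avoids that, e.g. `-set_serial "0x$(openssl rand -hex 16)" \`. Separately, `fqdn="$1.$domain"` is set only for the `openssl x509` call while the visible config reads `${ENV::domain}`, so the per-host name may never reach the CSR subject; this should be confirmed against the parts of the config and script not shown here.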
......