author | Omar Polo <op@omarpolo.com> | 2023-06-05 14:35:23 +0000 |
---|---|---|
committer | Omar Polo <op@omarpolo.com> | 2023-06-05 14:35:23 +0000 |
commit | ac9f55ba3248ea026ca146202c69c2aa4b3594ed (patch) | |
tree | dad523c694466f3f15ade9db9ddbfc09800ba211 /contrib | |
parent | 34886b1e55ef0eda629b22742e7173fea04bf8f7 (diff) |
gencert: add -e flag to generate a cert using an EC key
Diffstat (limited to 'contrib')
-rwxr-xr-x | contrib/gencert | 27 |
1 files changed, 18 insertions, 9 deletions
diff --git a/contrib/gencert b/contrib/gencert
index 888194f..20ce1de 100755
--- a/contrib/gencert
+++ b/contrib/gencert
@@ -4,7 +4,7 @@
 # gencert - generate certificates
 #
 # SYNOPSIS
-# ./gencert [-fh] [-D days] [-d destdir] hostname
+# ./gencert [-efh] [-D days] [-d destdir] hostname
 #
 # DESCRIPTION
 # A simple script to generate self-signed X.509 certificates for
@@ -15,6 +15,7 @@
 # will be valid for. Use 365 (a year) by default.
 # -d Save the certificates to the given directory.
 # By default the current directory is used.
+# -e Use an EC key instead of RSA.
 # -f Forcefully overwrite existing certificates
 # without prompting.
 # -h Display usage and exit.
@@ -31,14 +32,16 @@ usage() {
 exit $1
 }
+ec=no
 force=no
 destdir=.
 days=365
-while getopts "D:d:fh" flag; do
+while getopts "D:d:efh" flag; do
 case $flag in
 D) days="$OPTARG" ;;
 d) destdir="${OPTARG%/}" ;;
+ e) ec=yes ;;
 f) force=yes ;;
 h) usage 0 ;;
 ?) usage 1 ;;
@@ -76,13 +79,19 @@ if [ -f "$pem" -o -f "$key" ]; then
 fi
 fi
-openssl req -x509 \
- -newkey rsa:4096 \
- -out "${pem}" \
- -keyout "${key}" \
- -days "${days}" \
- -nodes \
- -subj "/CN=$hostname"
+if [ $ec = yes ]; then
+ openssl ecparam -name prime256v1 -genkey -noout -out "${key}" && \
+ openssl req -new -x509 -key "${key}" -out "${pem}" -days "${days}" \
+ -nodes -subj "/CN=$hostname"
+else
+ openssl req -x509 \
+ -newkey rsa:4096 \
+ -out "${pem}" \
+ -keyout "${key}" \
+ -days "${days}" \
+ -nodes \
+ -subj "/CN=$hostname"
+fi
 e=$?
 if [ $e -ne 0 ]; then |
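Review bot: The EC branch in the last hunk writes the private key with `openssl ecparam ... -out "${key}"`, and nothing visible in the hunk sets a umask, so the key file's mode depends on the caller's umask and on how the installed OpenSSL or LibreSSL build opens that output. Creating the key under a restrictive umask would give both key types the same, predictable result, for example `(umask 077 && openssl ecparam -name prime256v1 -genkey -noout -out "${key}") && \`. If the script already sets a umask earlier, this is moot; that part of the file is outside the hunk. Separately, `-nodes` in the `req -new -x509 -key` call appears to have no effect because no key is generated there, and the test reads more safely as `[ "$ec" = yes ]`.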