author | Omar Polo <op@omarpolo.com> | 2021-10-09 14:07:21 +0000 |
---|---|---|
committer | Omar Polo <op@omarpolo.com> | 2021-10-09 14:07:21 +0000 |
commit | d7e2e22c588996c2c4c3aea5a390327282b67f0e (patch) | |
tree | ed737013c73d71e48418d77da3482fa9a3f0328e /contrib | |
parent | 9bb2f62e241164788b683971648e51e3cf174947 (diff) |
add gencert, a simple script to generate self-signed certs
Diffstat (limited to 'contrib')
-rw-r--r-- | contrib/README | 4 | ||||
-rwxr-xr-x | contrib/gencert | 95 |
2 files changed, 99 insertions, 0 deletions
diff --git a/contrib/README b/contrib/README index ab45f9b..d4fa347 100644 --- a/contrib/README +++ b/contrib/README @@ -5,6 +5,10 @@ Dockerfile Sample Dockerfile to build alpine-based gmid images. +gencert + + Simple shell script to generate self-signed certificates. + gmid Sample rc(8) script for OpenBSD, to be placed in /etc/rc.d. diff --git a/contrib/gencert b/contrib/gencert new file mode 100755 index 0000000..888194f --- /dev/null +++ b/contrib/gencert 
@@ -0,0 +1,95 @@
+#!/bin/sh
+#
+# NAME
+# gencert - generate certificates
+#
+# SYNOPSIS
+# ./gencert [-fh] [-D days] [-d destdir] hostname
+#
+# DESCRIPTION
+# A simple script to generate self-signed X.509 certificates for
+# gmid.
+#
+# The option are as follows:
+# -D Specify the number of days the certificate
+# will be valid for. Use 365 (a year) by default.
+# -d Save the certificates to the given directory.
+# By default the current directory is used.
+# -f Forcefully overwrite existing certificates
+# without prompting.
+# -h Display usage and exit.
+#
+# SEE ALSO
+# openssl(1)
+#
+
+progname="$(basename -- "$0")"
+
+usage() {
+ echo "usage: $progname [-fh] [-d destdir] [-D days] hostname" >&2
+ echo "Please read the comment at the top of $0 for the usage." >&2
+ exit $1
+}
+
+force=no
+destdir=.
+days=365
+
+while getopts "D:d:fh" flag; do
+ case $flag in
+ D) days="$OPTARG" ;;
+ d) destdir="${OPTARG%/}" ;;
+ f) force=yes ;;
+ h) usage 0 ;;
+ ?) usage 1 ;;
+ esac
+done
+
+shift $(($OPTIND - 1))
+
+if [ $# -ne 1 ]; then
+ usage 1
+fi
+
+if [ ! -d "${destdir}" ]; then
+ echo "${progname}: ${destdir} is not a directory." >&2
+ usage 1
+fi
+
+hostname="${1}"
+pem="${destdir}/${hostname}.pem"
+key="${destdir}/${hostname}.key"
+
+if [ -f "$pem" -o -f "$key" ]; then
+ if [ $force = no ]; then
+ while :; do
+ printf "Overwrite existing certificate $pem? [y/n] "
+ if ! read -r reply; then
+ echo
+ exit 1
+ fi
+ case "$reply" in
+ [yY]) echo "overwriting"; break ;;
+ [nN]) echo "quitting"; exit 0 ;;
+ esac
+ done
+ fi
+fi
+
+openssl req -x509 \
+ -newkey rsa:4096 \
+ -out "${pem}" \
+ -keyout "${key}" \
+ -days "${days}" \
+ -nodes \
+ -subj "/CN=$hostname"
+
+e=$?
+if [ $e -ne 0 ]; then
+ exit $e
+fi
+
+echo
+echo "Generated files:"
+echo " $pem : certificate"
+echo " $key : private key" |
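Review bot: The private key is written unencrypted (`-nodes`) and nothing in the script restricts its mode, so `${hostname}.key` gets whatever the caller's umask and the local openssl(1) build produce, which may be group- or world-readable. Adding `umask 077` on the line before `openssl req` makes a newly created key owner-only regardless of the implementation; the certificate is created under the same umask and can be relaxed with `chmod` afterwards if another user must read it. Separately, `hostname` is used unchecked in both the output paths and `-subj "/CN=$hostname"`, so a value containing `/` can resolve outside `destdir` and is likely parsed as extra subject components. A guard such as `case "$hostname" in ""|*/*) usage 1 ;; esac` right after the assignment would reject it.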