#!/bin/sh
#
# NAME
#	gencert - generate certificates
#
# SYNOPSIS
#	./gencert [-efh] [-D days] [-d destdir] hostname
#
# DESCRIPTION
#	A simple script to generate self-signed X.509 certificates for
#	gmid.
#
#	The options are as follows:
#		-D	Specify the number of days the certificate
#			will be valid for.  Use 365 (a year) by default.
#		-d	Save the certificates to the given directory.
#			By default the current directory is used.
#		-e	Use an EC key instead of RSA.
#		-f	Forcefully overwrite existing certificates
#			without prompting.
#		-h	Display usage and exit.
#
# SEE ALSO
#	openssl(1)
#

# Name the script was invoked as, without its directory part; used as
# the prefix of every diagnostic.
progname=$(basename -- "$0")

# usage status
#	Print the short synopsis and a pointer to the header comment of
#	this file on standard error, then exit with the given status.
usage() {
	printf '%s\n' \
		"usage: $progname [-fhe] [-d destdir] [-D days] hostname" \
		"Please read the comment at the top of $0 for the usage." >&2
	exit $1
}

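# Defaults; each one can be overridden from the command line.
ec=no		# -e: generate an EC key instead of an RSA one
force=no	# -f: overwrite existing files without asking
destdir=.	# -d: directory the files are written to
days=365	# -D: validity period of the certificate, in days

while getopts "D:d:efh" flag; do
	case $flag in
		D) days="$OPTARG" ;;
		d)
			# Drop one trailing slash so the paths built later
			# do not contain "//", but keep a bare "/" usable:
			# stripping it would leave an empty directory name.
			destdir="${OPTARG%/}"
			if [ -z "$destdir" ]; then
				destdir="$OPTARG"
			fi
			;;
		e) ec=yes ;;
		f) force=yes ;;
		h) usage 0 ;;
		# getopts sets the flag to "?" for an unknown option or a
		# missing option argument.
		?) usage 1 ;;
	esac
done

# The value is handed to openssl(1) as-is; refuse anything that is not
# a plain decimal number here, before the user is asked to overwrite
# existing files.
case $days in
	''|*[!0-9]*)
		echo "${progname}: invalid number of days: ${days}" >&2
		usage 1
		;;
esac

shift $((OPTIND - 1))

# Exactly one operand, the hostname, must remain.
if [ $# -ne 1 ]; then
	usage 1
fi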

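if [ ! -d "${destdir}" ]; then
	echo "${progname}: ${destdir} is not a directory." >&2
	usage 1
fi

hostname="${1}"

# The hostname becomes part of the output file names and of the -subj
# argument given to openssl(1).  A "/" would make the files land
# outside ${destdir} and would be read by openssl as the start of
# another subject field, so refuse it, along with an empty name.
case $hostname in
	''|*/*)
		echo "${progname}: invalid hostname: ${hostname}" >&2
		usage 1
		;;
esac

# Output paths: the certificate and its private key.
pem="${destdir}/${hostname}.pem"
key="${destdir}/${hostname}.key"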

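# Ask before clobbering an existing certificate or key, unless -f was
# given.  Loops until the answer is y/Y or n/N; end of input on stdin
# aborts with status 1.
if { [ -f "$pem" ] || [ -f "$key" ]; } && [ "$force" = no ]; then
	while :; do
		# The path is passed as an argument, not as part of the
		# format string, so a "%" in it is printed literally.
		printf 'Overwrite existing certificate %s? [y/n] ' "$pem"
		if ! read -r reply; then
			echo
			exit 1
		fi
		case "$reply" in
			[yY]) echo "overwriting"; break ;;
			[nN]) echo "quitting"; exit 0 ;;
		esac
	done
fi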

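# Create the key file up front with owner-only permissions, and tighten
# it if it already exists.  openssl is expected to truncate and reuse
# the existing file, so the private key does not end up readable by
# other users when the openssl(1) in use would otherwise create it
# with the process umask.
if ! { ( umask 077 && : >>"${key}" ) && chmod 600 -- "${key}"; }; then
	echo "${progname}: cannot create ${key}" >&2
	exit 1
fi

# -nodes leaves the private key unencrypted on disk, so the file
# permissions set above are its only protection.
if [ "$ec" = yes ]; then
	# EC: generate a secp384r1 key first, then self-sign with it.
	openssl ecparam -name secp384r1 -genkey -noout -out "${key}" && \
	openssl req -new -x509 -key "${key}" -out "${pem}" -days "${days}" \
		-nodes -subj "/CN=$hostname"
else
	# RSA: one command creates the 4096-bit key and the certificate.
	openssl req -x509		\
		-newkey rsa:4096	\
		-out "${pem}"		\
		-keyout "${key}"	\
		-days "${days}"		\
		-nodes			\
		-subj "/CN=$hostname"
fi

# Propagate the exit status of openssl on failure.
e=$?
if [ $e -ne 0 ]; then
	# Do not leave the empty placeholder key behind; a non-empty
	# file (e.g. a previous key) is left untouched.
	[ -s "${key}" ] || rm -f -- "${key}"
	exit $e
fi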

# Tell the user where the certificate and the private key were written.
printf '\n%s\n\t%s : certificate\n\t%s : private key\n' \
	"Generated files:" "$pem" "$key"