mirror of
https://github.com/omar-polo/gmid.git
synced 2024-10-04 00:07:08 +02:00
96 lines
1.7 KiB
Plaintext
96 lines
1.7 KiB
Plaintext
|
#!/bin/sh
|
||
|
#
|
||
|
# NAME
|
||
|
# gencert - generate certificates
|
||
|
#
|
||
|
# SYNOPSIS
|
||
|
# ./gencert [-fh] [-D days] [-d destdir] hostname
|
||
|
#
|
||
|
# DESCRIPTION
|
||
|
# A simple script to generate self-signed X.509 certificates for
|
||
|
# gmid.
|
||
|
#
|
||
|
# The option are as follows:
|
||
|
# -D Specify the number of days the certificate
|
||
|
# will be valid for. Use 365 (a year) by default.
|
||
|
# -d Save the certificates to the given directory.
|
||
|
# By default the current directory is used.
|
||
|
# -f Forcefully overwrite existing certificates
|
||
|
# without prompting.
|
||
|
# -h Display usage and exit.
|
||
|
#
|
||
|
# SEE ALSO
|
||
|
# openssl(1)
|
||
|
#
|
||
|
|
||
|
progname="$(basename -- "$0")"
|
||
|
|
||
|
usage() {
|
||
|
echo "usage: $progname [-fh] [-d destdir] [-D days] hostname" >&2
|
||
|
echo "Please read the comment at the top of $0 for the usage." >&2
|
||
|
exit $1
|
||
|
}
|
||
|
|
||
|
force=no
|
||
|
destdir=.
|
||
|
days=365
|
||
|
|
||
|
while getopts "D:d:fh" flag; do
|
||
|
case $flag in
|
||
|
D) days="$OPTARG" ;;
|
||
|
d) destdir="${OPTARG%/}" ;;
|
||
|
f) force=yes ;;
|
||
|
h) usage 0 ;;
|
||
|
?) usage 1 ;;
|
||
|
esac
|
||
|
done
|
||
|
|
||
|
shift $(($OPTIND - 1))
|
||
|
|
||
|
if [ $# -ne 1 ]; then
|
||
|
usage 1
|
||
|
fi
|
||
|
|
||
|
if [ ! -d "${destdir}" ]; then
|
||
|
echo "${progname}: ${destdir} is not a directory." >&2
|
||
|
usage 1
|
||
|
fi
|
||
|
|
||
|
hostname="${1}"
|
||
|
pem="${destdir}/${hostname}.pem"
|
||
|
key="${destdir}/${hostname}.key"
|
||
|
|
||
|
if [ -f "$pem" -o -f "$key" ]; then
|
||
|
if [ $force = no ]; then
|
||
|
while :; do
|
||
|
printf "Overwrite existing certificate $pem? [y/n] "
|
||
|
if ! read -r reply; then
|
||
|
echo
|
||
|
exit 1
|
||
|
fi
|
||
|
case "$reply" in
|
||
|
[yY]) echo "overwriting"; break ;;
|
||
|
[nN]) echo "quitting"; exit 0 ;;
|
||
|
esac
|
||
|
done
|
||
|
fi
|
||
|
fi
|
||
|
|
||
|
openssl req -x509 \
|
||
|
-newkey rsa:4096 \
|
||
|
-out "${pem}" \
|
||
|
-keyout "${key}" \
|
||
|
-days "${days}" \
|
||
|
-nodes \
|
||
|
-subj "/CN=$hostname"
|
||
|
|
||
|
e=$?
|
||
|
if [ $e -ne 0 ]; then
|
||
|
exit $e
|
||
|
fi
|
||
|
|
||
|
echo
|
||
|
echo "Generated files:"
|
||
|
echo " $pem : certificate"
|
||
|
echo " $key : private key"
|