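#!/usr/bin/env bash
# Generate an RSA client key and an X.509 client certificate signed by the
# local CA (certificates/ca.pem + keys/ca.pem), relative to the current
# working directory.
#
# Usage: genclient.sh [EXT_FILE EXT]
#   EXT_FILE  optional openssl extensions file, passed to -extfile
#   EXT       section of EXT_FILE to apply (required when EXT_FILE is given)
#
# Outputs:
#   keys/client.pem          client private key (mode 0600)
#   certificates/client.pem  client certificate signed by the CA
#
# The script uses [[ ]], arrays and &>, so it must run under bash.
set -euo pipefail

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

HOSTNAME=$(hostname)
EXT_FILE=${1:-}
EXT=${2:-}

# Validate arguments before anything is written. An empty EXT used to expand
# to nothing and shift the remaining options, so openssl saw "-extensions -days".
if [[ -n "$EXT_FILE" ]]; then
  [[ -r "$EXT_FILE" ]] || die "extensions file not readable: $EXT_FILE"
  [[ -n "$EXT" ]] || die "usage: ${0##*/} [EXT_FILE EXT] (EXT is required with EXT_FILE)"
fi

mkdir -p keys
mkdir -p certificates

[[ -r certificates/ca.pem ]] || die "CA certificate not found: certificates/ca.pem"
[[ -r keys/ca.pem ]] || die "CA key not found: keys/ca.pem"

# create client key
# The private key must not be group/world readable whatever the caller's umask;
# the chmod also covers a pre-existing file that openssl merely truncates.
(umask 077 && openssl genrsa -out keys/client.pem 2048 &> /dev/null) \
  || die "failed to generate keys/client.pem"
chmod 600 keys/client.pem

# The signing request is a temporary file: remove it on every exit path.
trap 'rm -f -- client.req' EXIT

# create signing request for client
openssl req \
  -new \
  -key keys/client.pem \
  -out client.req \
  -nodes \
  -subj "/CN=$HOSTNAME/O=client" &> /dev/null \
  || die "failed to create client.req"

# $RANDOM yields only 15 bits, so two certificates from the same CA could
# easily share a serial. Draw 128 random bits from openssl instead.
serial="0x$(openssl rand -hex 16)" || die "failed to generate a serial number"

# sign client request w/ CA key and gen x.509 cert.
sign_args=(
  -req
  # SHA-256 instead of SHA-1: SHA-1 signatures are deprecated and are refused
  # by the default policy of many current TLS libraries.
  -sha256
  -in client.req
  -out certificates/client.pem
  -CA certificates/ca.pem
  -CAkey keys/ca.pem
  # Kept from the original; per the openssl x509 documentation the serial
  # file is not used when -set_serial is given.
  -CAcreateserial
  -set_serial "$serial"
  # NOTE(review): 10-year validity is long for a client credential; confirm
  # that rotation/revocation is handled elsewhere if this is used beyond testing.
  -days 3650
)

if [[ -n "$EXT_FILE" ]]; then
  echo "using: $EXT_FILE"
  sign_args+=(-extfile "$EXT_FILE" -extensions "$EXT")
else
  # NOTE(review): no -extfile is supplied on this path; confirm that the
  # installed openssl actually applies the usr_cert section here.
  sign_args+=(-extensions usr_cert)
fi

openssl x509 "${sign_args[@]}" || die "failed to sign client.req"
# client.req is removed by the EXIT trap above.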