forked from fgrehm/squid3-ssl-docker
-
Notifications
You must be signed in to change notification settings - Fork 1
/
mk-certs
executable file
·37 lines (29 loc) · 817 Bytes
/
mk-certs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
#!/bin/sh
set -e
# Generate a private key and a self-signed certificate.
CERTS_DIR='/etc/squid/certs'
CONFIG='/etc/squid/openssl.cnf'
# Get domain name from config file.
# Domain is used to name self-signed cert file.
DOMAIN=$(grep commonName $CONFIG | cut -d'=' -f 2 | tr -d ' ')
# Generate private key.
openssl genrsa -out $CERTS_DIR/private.pem 2048
# Generate cert signing request.
openssl req -new \
-batch \
-nodes \
-sha256 \
-key $CERTS_DIR/private.pem \
-out $CERTS_DIR/proxy.csr \
-config $CONFIG
# Generate self-signed cert.
openssl x509 -req \
-days 730 \
-signkey $CERTS_DIR/private.pem \
-in $CERTS_DIR/proxy.csr \
-out $CERTS_DIR/$DOMAIN.crt \
-extensions v3_req \
-sha256 \
-extfile $CONFIG
# Delete signing request.
rm $CERTS_DIR/proxy.csr