-
Notifications
You must be signed in to change notification settings - Fork 1
/
ca-cert.bash
executable file
·101 lines (82 loc) · 2.19 KB
/
ca-cert.bash
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
#!/usr/bin/env bash
# Directory where certificates are placed
CERTS_DIR=${HOME}/.ssl
# open ssl config file path
OPENSSL=$(pwd)/openssl.cnf
# Days the root certificate will be valid for
ROOT_CA_DAYS=3650
# Default days generates certificates will be valid for
DEFAULT_DAYS=365
# name of the current executable
PROGRAM=${0##*/}
set -o nounset
set -o errexit
function init() {
local serial=${CERTS_DIR}/serial
local index=${CERTS_DIR}/index.txt
# create required directories
mkdir -p ${CERTS_DIR}/private
mkdir -p ${CERTS_DIR}/certs
mkdir -p ${CERTS_DIR}/newcerts
# initialize the CA database
[ -a ${serial} ] || echo "01" > ${serial}
[ -a ${index} ] || touch ${index}
}
function generate_ca() {
local cert="${CERTS_DIR}/${1}cert.pem"
local key="${CERTS_DIR}/private/${1}key.pem"
local crt="${CERTS_DIR}/${1}cert.crt"
openssl req -config ${OPENSSL} -new -x509 -keyout ${key} -out ${cert} -days ${DEFAULT_DAYS}
openssl x509 -in ${cert} -out ${crt}
echo
echo
echo "Successfully generated certificate ${cert} and key ${key}"
echo "Ensure that this self signed root certificate is used only to sign other certificates."
echo "The private key is highly sensible, never compromise it, by removing the passphrase that protects it"
}
function generate_cert() {
local key="${1}.pem"
openssl req -config ${OPENSSL} -new -keyout ${key} -out ${key} -days ${DEFAULT_DAYS}
}
function sign() {
local key="${1}.pem"
local cert="${1}_cert.pem"
openssl ca -config ${OPENSSL} -policy policy_anything -out ${cert} -infiles ${key}
}
function version() {
echo "0.0.1"
}
function usage() {
echo "${PROGRAM} $(version)"
echo "Usage: ${PROGRAM} [-c] [-r]"
}
help() {
usage
echo " -c, --new-ca Generates a new root certificate"
echo " -r, --new-req Generate a certificate signing request and signs it"
echo " -h, --help Display this help message"
echo " -v, --version Display the version number"
}
init
set +o nounset
opt=${1}
set -o nounset
case "${opt}" in
-c|--new-ca)
generate_ca "ca"
;;
-r|--new-req)
generate_cert "newreq"
sign "newreq"
;;
-h|--help)
help
;;
-v|--version)
version
;;
*)
usage >&2
exit 1
;;
esac