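#!/bin/sh
# mksvc.sh - issue a server certificate for one service from the
# intermediate CA under ca/intermediate/ and collect the result into
# ./<servicename>.tls/ (cert.pem, private.pem, ca-chain.cert.pem).
#
# Usage: ./mksvc.sh servicename [altname ...]
#   servicename  CN of the certificate, base name of the key/CSR/cert files
#                under ca/intermediate/, and the first DNS SAN entry.
#   altname ...  additional DNS SAN entries.
#
# Names are validated before anything is generated: they become path
# components (including the <servicename>.tls/ directory that is removed
# and recreated), part of the -subj string, and entries of the
# SUBJECT_ALT_NAME environment variable read by ca/intermediate/openssl.cnf,
# so '/', ',' and a leading '-' or '.' are rejected.
# Must be run from the directory containing ca/.
set -e

# die MESSAGE... - print MESSAGE to stderr and exit with status 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# check_name NAME - exit unless NAME is a safe host-name/file-name token:
# characters [A-Za-z0-9.*_-] only, and not starting with '.' or '-'
# (a leading '*' is allowed for wildcard SAN entries).
check_name() {
  case "$1" in
    "")
      die "mksvc.sh: empty name"
      ;;
    *[!A-Za-z0-9.*_-]* | [!A-Za-z0-9*_]*)
      die "mksvc.sh: invalid name '$1' (allowed: [A-Za-z0-9.*_-], not starting with '.' or '-')"
      ;;
  esac
}

if [ -z "$1" ]; then
  echo "usage: ./mksvc.sh servicename" >&2
  exit 1
fi
svc="$1"
shift

# Fail fast on bad input before any key material is written.
check_name "$svc"
for alt in "$@"; do
  check_name "$alt"
done

privkey="ca/intermediate/private/${svc}.key"
csr="ca/intermediate/csr/${svc}.csr"
cert="ca/intermediate/certs/${svc}.cert"
cachain_pem="ca/intermediate/certs/ca-chain.cert.pem"

# Generate the key under a restrictive umask (in a subshell so the umask
# does not leak to the CA's own output files), so it is never readable by
# others even between creation and chmod. set -e propagates a failure here.
(
  umask 077
  openssl genrsa -out "${privkey}.pem" 2048
)
chmod 400 "${privkey}.pem"

# SUBJECT_ALT_NAME is consumed by ca/intermediate/openssl.cnf; the service
# name is always the first entry, extra arguments follow in order.
SUBJECT_ALT_NAME="DNS:${svc}"
for alt in "$@"; do
  SUBJECT_ALT_NAME="${SUBJECT_ALT_NAME},DNS:${alt}"
done
export SUBJECT_ALT_NAME

openssl req -config ca/intermediate/openssl.cnf \
  -extensions server_cert -new -subj "/C=US/CN=${svc}" \
  -key "${privkey}.pem" \
  -out "${csr}.pem"
openssl ca -config ca/intermediate/openssl.cnf -batch \
  -extensions server_cert -days 375 -notext -md sha256 \
  -in "${csr}.pem" \
  -out "${cert}.pem"

# Show the issued certificate and verify it chains to the CA chain file
# before publishing it; a verify failure aborts under set -e.
openssl x509 -noout -text -in "${cert}.pem"
openssl verify -CAfile "$cachain_pem" "${cert}.pem"

# Publish the bundle; '--' guards against the (already rejected) case of a
# name being parsed as an option.
rm -rf -- "${svc}.tls/"
mkdir -p -- "${svc}.tls/"
cp -p -- "$cachain_pem" "${svc}.tls/"
cp -p -- "${privkey}.pem" "${svc}.tls/private.pem"
cp -p -- "${cert}.pem" "${svc}.tls/cert.pem"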