#!/usr/bin/bash -e
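#######################################
# Print the usage text and terminate the script.
# Arguments: $1 - exit status to terminate with (defaults to 0)
# Outputs:   usage text on stdout when the status is 0, on stderr otherwise,
#            so a failed invocation does not feed usage text to a pipeline
# Returns:   never returns; exits with the given status
#######################################
function help() {
  local status="${1:-0}"
  local prog="${0##*/}"
  local fd=1
  if [ "$status" != '0' ]; then
    fd=2
  fi
  # The timestamp format ends in a literal `Z` (UTC), so the example reads the
  # clock with `date -u`; a local-time value labelled `Z` would shift the
  # certificate's validity window by the local UTC offset.
  cat >&"$fd" <<EOF
Usage: ${prog} [OPTION]...
Create a certificate, signed by your own CA.
Example: ${prog} -a \$(date -u --date='30 days' +%Y%m%d%H%M%SZ) -f

 -a set not after date
 -b set not before date
 -d set target domain (need config file named as \`openssl-\$DOMAIN.cnf\`)
 -f recreate private key instead of renew using old private key
 -h display this help text and exit
 -n select ec curve name (list available via \`openssl ecparam -list_curves\`)
EOF
  exit "$status"
}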
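# Parse the command-line options into the globals the rest of the script
# reads: NOT_AFTER, NOT_BEFORE, DOMAIN, FORCE and NAME.
# None of these is initialised before the loop, so a value already present in
# the environment is used when the matching option is not given.
while getopts "a:b:d:fhn:" OPT; do
  case "$OPT" in
    a) NOT_AFTER="$OPTARG" ;;
    b) NOT_BEFORE="$OPTARG" ;;
    d) DOMAIN="$OPTARG" ;;
    f) FORCE='1' ;;
    n) NAME="$OPTARG" ;;
    h) help 0 ;;
    # Unknown option or missing argument (getopts has already reported it on
    # stderr): exit non-zero so a wrapper or cron job sees the failure instead
    # of treating a mistyped invocation as a successful issuance.
    *) help 1 ;;
  esac
done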
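# The `-e` on the shebang line is lost when the script is started as
# `bash create-cert.sh`; set it here so a failed step always aborts the run
# before a later step can sign or overwrite anything.
set -e

# Work from the script's own directory so the relative private/, certs/ and
# openssl-*.cnf paths resolve regardless of the caller's working directory.
cd -- "$(realpath -- "$(dirname -- "$0")")"

# Default validity window: now .. now + 365 days.
# The format ends in a literal `Z` (UTC), so the clock is read with `date -u`.
# Without it the local time is labelled as UTC and, east of UTC, the
# certificate's notBefore lands in the future.
if [ -z "$NOT_AFTER" ]; then
  NOT_AFTER="$(date -u --date="365 days" +%Y%m%d%H%M%SZ)"
fi
if [ -z "$NOT_BEFORE" ]; then
  NOT_BEFORE="$(date -u +%Y%m%d%H%M%SZ)"
fi
if [ -z "$NAME" ]; then
  NAME='prime256v1'
fi

# DOMAIN is spliced into every path below; refuse an empty value and anything
# containing `/` so the key, CSR and certificate stay inside private/ and
# certs/ and the config lookup stays in this directory.
if [ -z "$DOMAIN" ]; then
  printf '%s\n' "No target domain given; pass one with -d." >&2
  exit 1
fi
case "$DOMAIN" in
  */*)
    printf '%s\n' "Invalid domain \`$DOMAIN\`: must not contain \`/\`." >&2
    exit 1
    ;;
esac

if [ ! -f "openssl-$DOMAIN.cnf" ]; then
  printf '%s\n' "Unable to find \`openssl-$DOMAIN.cnf\` under current directory." >&2
  exit 1
fi

# Generate a key only when none exists yet or -f asked for a fresh one;
# otherwise the existing key is reused and only the certificate is renewed.
if [[ ! -f "private/$DOMAIN.pem" || "$FORCE" == '1' ]]; then
  # Enforce owner-only access explicitly rather than relying on the openssl
  # build's default mode: the umask covers a newly created file, the chmod
  # covers -f overwriting an existing file, which keeps its previous mode.
  (
    umask 077
    openssl ecparam -genkey -name "$NAME" -out "private/$DOMAIN.pem"
  )
  chmod 600 "private/$DOMAIN.pem"
fi

# Build the CSR from the (unencrypted) key, then have the CA described in the
# same config file sign it with the v3_req extension section and the chosen
# validity window.
openssl req -new -noenc -key "private/$DOMAIN.pem" -config "openssl-$DOMAIN.cnf" -out "certs/$DOMAIN.csr"
openssl ca -in "certs/$DOMAIN.csr" -config "openssl-$DOMAIN.cnf" -extensions v3_req -not_after "$NOT_AFTER" -not_before "$NOT_BEFORE" -notext -out "certs/$DOMAIN.pem"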