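# Stop at the first failing step so later stages never run against a
# half-initialised CA directory.
set -e

# resources/config/ receives the CA certificate plus the per-server keys and
# certificates; resources/useless_openssl_data/ only holds the bookkeeping
# files that `openssl ca` insists on.
mkdir -p resources/config/ resources/useless_openssl_data/

# Minimal `openssl ca` configuration for a throwaway test CA.
#
# Security caveats (acceptable for test fixtures, not for a real CA):
#   - copy_extensions = copy: every extension in the request is copied into
#     the issued certificate. Signing runs with -batch, so nobody reviews the
#     request first; a request carrying basicConstraints CA:TRUE would be
#     honoured. Only sign requests this script generated itself.
#   - policy_anything: only commonName is required in the subject.
#   - [ usr_cert ] is not referenced from [ CA_default ] in this file, so it
#     looks unused. NOTE(review): `subject:copy` does not look like a
#     documented subjectAltName value (`email:copy` is) -- confirm before
#     wiring this section in.
#
# The delimiter is quoted so the text is written literally, with no shell
# expansion, even if a later edit adds `$` or backticks to the config.
cat > resources/openssl.cnf <<'EOF'
[ ca ]
default_ca = CA_default # The default ca section

[ CA_default ]
new_certs_dir = resources/useless_openssl_data/
database = resources/useless_openssl_data/db
policy = policy_anything
serial = resources/useless_openssl_data/serial
copy_extensions = copy
email_in_dn = no
rand_serial = no

[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ usr_cert ]
subjectAltName=subject:copy
EOF

# Start from an empty certificate index and a serial counter of 01, so issued
# serial numbers are sequential (rand_serial = no above).
: > resources/useless_openssl_data/db
echo 01 > resources/useless_openssl_data/serial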
# Generate CA
#
# Self-signed RSA-2048 test root with subject "CN=Test CA".
#   - -nodes leaves the private key unencrypted in resources/ca_cert.key, and
#     nothing in this script removes it afterwards. Anyone who can read that
#     file can issue certificates accepted by whatever trusts ca_cert.pem, so
#     keep the key out of shipped artifacts and never add this CA to a real
#     trust store.
#   - No -days is given, so the certificate gets openssl's default lifetime.
#     NOTE(review): that default is believed to be 30 days, far shorter than
#     the 3650 days requested for the server certificates -- confirm this is
#     intended.
openssl req -x509 -batch -nodes \
  -newkey rsa:2048 \
  -subj "/CN=Test CA" \
  -keyout resources/ca_cert.key \
  -outform PEM -out resources/config/ca_cert.pem
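# Issue one key/certificate pair per server name given on the command line.
#
# "$@" keeps each argument intact and every expansion is quoted, so a name
# containing whitespace or glob characters is not split or expanded.
# The name is placed verbatim into file paths, the subjectAltName value and
# the subject DN; characters such as ',' or '/' change how openssl parses
# those values, so only pass names you control.
for server in "$@"; do
  key="resources/config/server_$server.key"
  req="resources/server_$server.req"
  cert="resources/config/server_$server.pem"

  # Unencrypted RSA-2048 key in traditional format (test fixture only).
  openssl genrsa -traditional \
    -out "$key" \
    2048 || exit 1

  # CSR carrying the DNS name as subjectAltName. The CA config uses
  # copy_extensions = copy, so this extension ends up in the certificate.
  openssl req -nodes -batch -new \
    -addext "subjectAltName = DNS:$server" \
    -key "$key" \
    -outform PEM -out "$req" || exit 1

  # Sign with the test CA: 10-year validity, SHA-512 signature; -subj
  # overrides whatever subject the CSR carried.
  openssl ca -config resources/openssl.cnf -days 3650 -md sha512 -batch \
    -subj "/CN=$server" \
    -keyfile resources/ca_cert.key -cert resources/config/ca_cert.pem \
    -in "$req" \
    -out "$cert" || exit 1

  # Lower-case hex SHA-1 fingerprint without colons, written next to the CSR
  # (resources/, not resources/config/). SHA-1 is not collision-resistant;
  # treat this value as an identifier for the test certificate and prefer
  # SHA-256 for any new pinning or integrity check.
  openssl x509 -sha1 -in "$cert" -fingerprint -noout \
    | sed -e 's/.*=//' -e 's/://g' \
    | tr '[:upper:]' '[:lower:]' > "resources/server_$server.pem.sha1" || exit 1
done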
# Drop the `openssl ca` bookkeeping directory (index, serial, copies of the
# issued certificates). resources/ca_cert.key and the server_*.req files are
# not touched by this step and remain on disk.
rm -r -- resources/useless_openssl_data/