feat(certgen/tls): add the script to generate custom tls certificate in an easier way

2022-08-11 15:56:25 +12:00 · 2022-08-11 15:56:25 +12:00 · bd80d1213f
parent 56d10bc7e4
commit bd80d1213f
2 changed files with 62 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,5 @@
 /node_modules
 /output
 /custom_tls_cert_gen/output
 yarn.lock
--- a/custom_tls_cert_gen/generate-custom-tls.sh
+++ b/custom_tls_cert_gen/generate-custom-tls.sh
@ -0,0 +1,60 @@
 #!/bin/bash
 set -eu
 read -p "Specify the output path: " OUTPUT_PATH
 if [ -z "$OUTPUT_PATH" ]; then
  OUTPUT_PATH="$(pwd)/output"
  if [[ ! -e "$OUTPUT_PATH" ]]; then 
    mkdir "$OUTPUT_PATH"
  fi 
 fi
 if [[ ! -e "$OUTPUT_PATH" ]]; then 
  printf "$OUTPUT_PATH doesn't exist" 
  exit;
 fi
 read -p "Specify the path where the cfssl and cfssljson are placed: " TOOL_PATH
 CFSSLEXE=${TOOL_PATH}/cfssl
 CFSSLJSONEXE=${TOOL_PATH}/cfssljson
 echo ${CFSSLEXE}
 if [ ! -e "$CFSSLEXE" ]; then
    printf "no cfssl found"
    exit;
 fi
 if [ ! -e "$CFSSLJSONEXE" ]; then
    printf "no cfssljson found"
    exit;
 fi
 cd $OUTPUT_PATH
 ${CFSSLEXE} print-defaults csr | ${CFSSLEXE} gencert -initca - | ${CFSSLJSONEXE} -bare ldap-ca 
 CONFIG_CFSSL_JSON=${OUTPUT_PATH}/cfssl.json
 cat <<EOF >> ${CONFIG_CFSSL_JSON}
 {
  "signing": {
    "default": {
      "expiry": "87600h",
      "usages": ["signing", "key encipherment", "server auth"]
    }
  }
 }
 EOF
 read -p "Give a name to the certificate: " CERT_NAME
 read -p "Input the hostname(example.org,127.0.0.1): " CERT_HOSTNAME
 echo '{}' | ${CFSSLEXE} gencert -ca=ldap-ca.pem -ca-key=ldap-ca-key.pem -config=${CONFIG_CFSSL_JSON} \
    -hostname="${CERT_HOSTNAME}" - | ${CFSSLJSONEXE} -bare ${CERT_NAME}