feat(certgen/tls): add the script to generate custom tls certificate in an easier way

2022-08-11 15:56:25 +12:00 · 2022-08-11 15:56:25 +12:00 · bd80d1213f
commit bd80d1213f
parent 56d10bc7e4
2 changed files with 62 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,5 @@
 /node_modules
+/output
+/custom_tls_cert_gen/output

 yarn.lock
--- a/custom_tls_cert_gen/generate-custom-tls.sh
+++ b/custom_tls_cert_gen/generate-custom-tls.sh
@ -0,0 +1,60 @@
+#!/bin/bash
+
+set -eu
+
+read -p "Specify the output path: " OUTPUT_PATH
+
+if [ -z "$OUTPUT_PATH" ]; then
+  OUTPUT_PATH="$(pwd)/output"
+
+  if [[ ! -e "$OUTPUT_PATH" ]]; then 
+    mkdir "$OUTPUT_PATH"
+  fi 
+fi
+
+if [[ ! -e "$OUTPUT_PATH" ]]; then 
+  printf "$OUTPUT_PATH doesn't exist" 
+  exit;
+fi
+
+read -p "Specify the path where the cfssl and cfssljson are placed: " TOOL_PATH
+
+CFSSLEXE=${TOOL_PATH}/cfssl
+CFSSLJSONEXE=${TOOL_PATH}/cfssljson
+
+echo ${CFSSLEXE}
+if [ ! -e "$CFSSLEXE" ]; then
+    printf "no cfssl found"
+    exit;
+fi
+
+if [ ! -e "$CFSSLJSONEXE" ]; then
+    printf "no cfssljson found"
+    exit;
+fi
+
+
+cd $OUTPUT_PATH
+
+${CFSSLEXE} print-defaults csr | ${CFSSLEXE} gencert -initca - | ${CFSSLJSONEXE} -bare ldap-ca 
+
+CONFIG_CFSSL_JSON=${OUTPUT_PATH}/cfssl.json
+
+cat <<EOF >> ${CONFIG_CFSSL_JSON}
+{
+  "signing": {
+    "default": {
+      "expiry": "87600h",
+      "usages": ["signing", "key encipherment", "server auth"]
+    }
+  }
+}
+
+EOF
+
+read -p "Give a name to the certificate: " CERT_NAME
+
+read -p "Input the hostname(example.org,127.0.0.1): " CERT_HOSTNAME
+
+echo '{}' | ${CFSSLEXE} gencert -ca=ldap-ca.pem -ca-key=ldap-ca-key.pem -config=${CONFIG_CFSSL_JSON} \
+    -hostname="${CERT_HOSTNAME}" - | ${CFSSLJSONEXE} -bare ${CERT_NAME}