feat(certgen/tls): add the script to generate custom tls certificate in an easier way
This commit is contained in:
parent
56d10bc7e4
commit
bd80d1213f
2
.gitignore
vendored
Normal file → Executable file
2
.gitignore
vendored
Normal file → Executable file
@ -1,3 +1,5 @@
|
||||
/node_modules
|
||||
/output
|
||||
/custom_tls_cert_gen/output
|
||||
|
||||
yarn.lock
|
60
custom_tls_cert_gen/generate-custom-tls.sh
Executable file
60
custom_tls_cert_gen/generate-custom-tls.sh
Executable file
@ -0,0 +1,60 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -eu
|
||||
|
||||
read -p "Specify the output path: " OUTPUT_PATH
|
||||
|
||||
if [ -z "$OUTPUT_PATH" ]; then
|
||||
OUTPUT_PATH="$(pwd)/output"
|
||||
|
||||
if [[ ! -e "$OUTPUT_PATH" ]]; then
|
||||
mkdir "$OUTPUT_PATH"
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ ! -e "$OUTPUT_PATH" ]]; then
|
||||
printf "$OUTPUT_PATH doesn't exist"
|
||||
exit;
|
||||
fi
|
||||
|
||||
read -p "Specify the path where the cfssl and cfssljson are placed: " TOOL_PATH
|
||||
|
||||
CFSSLEXE=${TOOL_PATH}/cfssl
|
||||
CFSSLJSONEXE=${TOOL_PATH}/cfssljson
|
||||
|
||||
echo ${CFSSLEXE}
|
||||
if [ ! -e "$CFSSLEXE" ]; then
|
||||
printf "no cfssl found"
|
||||
exit;
|
||||
fi
|
||||
|
||||
if [ ! -e "$CFSSLJSONEXE" ]; then
|
||||
printf "no cfssljson found"
|
||||
exit;
|
||||
fi
|
||||
|
||||
|
||||
cd $OUTPUT_PATH
|
||||
|
||||
${CFSSLEXE} print-defaults csr | ${CFSSLEXE} gencert -initca - | ${CFSSLJSONEXE} -bare ldap-ca
|
||||
|
||||
CONFIG_CFSSL_JSON=${OUTPUT_PATH}/cfssl.json
|
||||
|
||||
cat <<EOF >> ${CONFIG_CFSSL_JSON}
|
||||
{
|
||||
"signing": {
|
||||
"default": {
|
||||
"expiry": "87600h",
|
||||
"usages": ["signing", "key encipherment", "server auth"]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
EOF
|
||||
|
||||
read -p "Give a name to the certificate: " CERT_NAME
|
||||
|
||||
read -p "Input the hostname(example.org,127.0.0.1): " CERT_HOSTNAME
|
||||
|
||||
echo '{}' | ${CFSSLEXE} gencert -ca=ldap-ca.pem -ca-key=ldap-ca-key.pem -config=${CONFIG_CFSSL_JSON} \
|
||||
-hostname="${CERT_HOSTNAME}" - | ${CFSSLJSONEXE} -bare ${CERT_NAME}
|
Loading…
Reference in New Issue
Block a user