72 lines
2.2 KiB
Bash
Executable file
72 lines
2.2 KiB
Bash
Executable file
#! /bin/bash
|
|
|
|
. "/home/alex/code/ca-scripts/lib/ca-functions"
|
|
|
|
usage() {
|
|
cat <<__EOT__
|
|
Usage: $PROGNAME [options]
|
|
|
|
Options:
|
|
-h, --help Print this helpful message!
|
|
-c, --encrypt Encrypt CA private key with Triple-DES
|
|
-f, --config FILE Use config file instead of $CONFFILE
|
|
-i, --template FILE Use alternative index.html template
|
|
-o, --output FILE Generate CA index.html in FILE
|
|
|
|
__EOT__
|
|
}
|
|
|
|
short='hcf:i:o:'
|
|
long='help,encrypt,config:,template:,output:'
|
|
opts=$( getopt -o "$short" -l "$long" -n "$PROGNAME" -- "$@" )
|
|
if [ 0 -ne $? ]; then echo; usage; exit 1; fi
|
|
eval set -- "$opts";
|
|
|
|
while :; do
|
|
case "$1" in
|
|
-h|--help) usage; exit 0;;
|
|
-c|--encrypt) CRYPTKEY=""; shift;;
|
|
-f|--config) shift; CONFFILE="$1"; shift;;
|
|
-i|--template) shift; INDEXTPL="$1"; shift;;
|
|
-o|--output) shift; INDEXOUT="$1"; shift;;
|
|
--) shift; break;;
|
|
*) echo "Unknown value '$1'"; exit 1;;
|
|
esac
|
|
done
|
|
|
|
# load up the configuration file
|
|
CA_CRT_TYPE="ca"
|
|
ca_load_conf
|
|
|
|
# create the directory structure that'll be populated by the scripts
|
|
mkdir -p $CA_HOME/{cnf,crl,crt,csr,db,idx,key,p12}
|
|
echo "01" > $CA_HOME/db/crlnumber
|
|
touch $CA_HOME/db/index.txt
|
|
touch $CA_HOME/db/.rand
|
|
chmod 600 $CA_HOME/db/.rand
|
|
chmod 700 $CA_HOME/key
|
|
|
|
# generate an openssl configuration for this CA
|
|
ca_template ca-config "$CA_HOME/cnf/$CA_NAME.ca.cnf"
|
|
|
|
# generate a self-signed cert that is valid for 10 years, with
|
|
# ... the private key in $CA_HOME/key/$CA_NAME.ca.key
|
|
# ... the certificate in $CA_HOME/crt/$CA_NAME.ca.crt
|
|
# ... using the config in $CA_HOME/cnf/$CA_NAME.ca.cnf
|
|
openssl req -new $CRYPTKEY -config "$CA_HOME/cnf/$CA_NAME.ca.cnf" \
|
|
-keyout "$CA_HOME/key/$CA_NAME.ca.key" \
|
|
-out "$CA_HOME/csr/$CA_NAME.ca.csr"
|
|
|
|
openssl ca -create_serial -selfsign -days 3652 -batch \
|
|
-name ca_scripts -extensions ca_x509_extensions \
|
|
-config "$CA_HOME/cnf/$CA_NAME.ca.cnf" \
|
|
-in "$CA_HOME/csr/$CA_NAME.ca.csr" \
|
|
-keyfile "$CA_HOME/key/$CA_NAME.ca.key" \
|
|
-out "$CA_HOME/crt/$CA_NAME.ca.crt"
|
|
|
|
# generate an initial CRL too (yes it will be empty, but we should serve it)
|
|
ca_gen_crl
|
|
if [ -n "$INDEXOUT" ]; then
|
|
ca_checksum
|
|
ca_template $INDEXTPL $INDEXOUT
|
|
fi
|