-
Notifications
You must be signed in to change notification settings - Fork 71
/
Copy pathcertify.sh
executable file
·43 lines (34 loc) · 1.45 KB
/
certify.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
#!/usr/bin/env bash
name="servor"
function command_exists () {
type "$1" &> /dev/null ;
}
# Make sure openssl exists
if ! command_exists openssl ; then
echo "OpenSSL isn't installed. You need that to generate SSL certificates."
exit
fi
## Make sure the tmp/ directory exists
if [ ! -d "tmp" ]; then
mkdir tmp/
fi
# Generate Certificate Authority
openssl genrsa -out "tmp/${name}CA.key" 2048 &>/dev/null
openssl req -x509 -config utils/ca.conf -new -nodes -key "tmp/${name}CA.key" -sha256 -days 1825 -out "${name}CA.pem" &>/dev/null
# This is the part that demands root privileges
if [ "$EUID" -eq 0 ] ; then
if command_exists security ; then
# Delete trusted certs by their common name via https://unix.stackexchange.com/a/227014
security find-certificate -c "${name}" -a -Z | sudo awk '/SHA-1/{system("security delete-certificate -Z "$NF)}'
# Trust the Root Certificate cert
security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain "${name}CA.pem"
fi
fi
# Generate CA-signed Certificate
openssl genrsa -out "${name}.key" 2048 &>/dev/null
openssl req -new -config utils/ca.conf -key "${name}.key" -out "tmp/${name}.csr" &>/dev/null
# Generate SSL Certificate
openssl x509 -req -in "tmp/${name}.csr" -CA "${name}CA.pem" -CAkey "tmp/${name}CA.key" -CAcreateserial -out "${name}.crt" -days 1825 -sha256 -extfile utils/ssl.conf &>/dev/null
# Cleanup files
rm servorCA.pem servorCA.srl
rm -rf tmp