mirror of
https://github.com/balena-io/open-balena.git
synced 2025-01-24 13:28:06 +00:00
35 lines
983 B
Plaintext
35 lines
983 B
Plaintext
|
#!/bin/bash -e
|
||
|
|
||
|
usage() {
|
||
|
echo "usage: $0 COMMON_NAME [OUT]"
|
||
|
echo
|
||
|
echo " COMMON_NAME the domain name the certificate is valid for, eg. example.com"
|
||
|
echo " OUT path to output directory generated files will be placed in"
|
||
|
echo
|
||
|
}
|
||
|
|
||
|
if [ -z "$1" ]; then
|
||
|
usage
|
||
|
exit 1
|
||
|
fi
|
||
|
|
||
|
CMD="$(realpath "$0")"
|
||
|
DIR="$(dirname "${CMD}")"
|
||
|
|
||
|
CN="$1"
|
||
|
OUT="$(realpath "${2:-.}")"
|
||
|
|
||
|
# shellcheck source=scripts/ssl-common.sh
|
||
|
source "${DIR}/ssl-common.sh"
|
||
|
|
||
|
# generate default CSR and sign (root + wildcard)
|
||
|
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" --days="${CRT_EXPIRY_DAYS}" --subject-alt-name="DNS:*.${CN}" build-server-full "*.${CN}" nopass 2>/dev/null
|
||
|
ROOT_CRT="${ROOT_PKI}"'/issued/*.'"${CN}"'.crt'
|
||
|
ROOT_KEY="${ROOT_PKI}"'/private/*.'"${CN}"'.key'
|
||
|
echo "ROOT_CRT=${ROOT_CRT//$OUT/\$OUT}"
|
||
|
echo "ROOT_KEY=${ROOT_KEY//$OUT/\$OUT}"
|
||
|
|
||
|
# update indexes and generate CRLs
|
||
|
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" update-db 2>/dev/null
|
||
|
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" gen-crl 2>/dev/null
|