2018-02-20 09:20:12 +00:00
|
|
|
#!/bin/bash -e
|
|
|
|
|
|
|
|
usage() {
|
|
|
|
echo "usage: $0 COMMON_NAME [OUT]"
|
|
|
|
echo
|
|
|
|
echo " COMMON_NAME the domain name the certificate is valid for, eg. example.com"
|
|
|
|
echo " OUT path to output directory generated files will be placed in"
|
|
|
|
echo
|
|
|
|
}
|
|
|
|
|
|
|
|
if [ -z "$1" ]; then
|
|
|
|
usage
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
CMD="$(realpath "$0")"
|
|
|
|
DIR="$(dirname "${CMD}")"
|
|
|
|
|
|
|
|
CN="$1"
|
|
|
|
OUT="$(realpath "${2:-.}")"
|
|
|
|
|
|
|
|
# shellcheck source=scripts/ssl-common.sh
|
|
|
|
source "${DIR}/ssl-common.sh"
|
|
|
|
|
|
|
|
ROOT_CA="${ROOT_PKI}/ca.crt"
|
|
|
|
|
2018-12-17 18:36:59 +00:00
|
|
|
if [ ! -f $ROOT_CA ]; then
|
|
|
|
# Create a secret key and CA file for the self-signed CA
|
|
|
|
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" init-pki 2>/dev/null
|
|
|
|
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" --days="${CA_EXPIRY_DAYS}" --req-cn="ca.${CN}" build-ca nopass 2>/dev/null
|
|
|
|
|
|
|
|
# update indexes and generate CRLs
|
|
|
|
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" update-db 2>/dev/null
|
|
|
|
"$easyrsa_bin" --pki-dir="${ROOT_PKI}" gen-crl 2>/dev/null
|
|
|
|
fi
|