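#!/bin/bash
#
# Issue a wildcard server certificate for COMMON_NAME from the local Easy-RSA
# PKI, print where the certificate and key were written, then refresh the
# PKI index and regenerate the CRL.
#
# Usage: <script> COMMON_NAME [OUT]
#
# easyrsa_bin, ROOT_PKI and CRT_EXPIRY_DAYS are not set in this file; they are
# presumably provided by ssl-common.sh, which is sourced below (confirm there).

# Options on the shebang line are dropped when the script is started as
# `bash script.sh`, so enable exit-on-error explicitly.
set -e

# Print the command-line synopsis on stdout.
usage() {
  echo "usage: $0 COMMON_NAME [OUT]"
  echo
  echo " COMMON_NAME the domain name the certificate is valid for, eg. example.com"
  echo " OUT path to output directory generated files will be placed in"
  echo
}

if [ -z "$1" ]; then
  # Missing argument is an error: keep the usage text out of stdout, which
  # otherwise only carries the ROOT_CRT=/ROOT_KEY= lines.
  usage >&2
  exit 1
fi

CMD="$(realpath "$0")"
DIR="$(dirname "${CMD}")"

# NOTE(review): CN is interpolated unchanged into the subjectAltName value and
# into the certificate/key file names. If this script is ever driven by
# anything other than a trusted operator, validate CN as a plain DNS name
# before it reaches the CA.
CN="$1"
OUT="$(realpath "${2:-.}")"

# shellcheck source=scripts/ssl-common.sh
source "${DIR}/ssl-common.sh"

#######################################
# Run easyrsa against ROOT_PKI with its stderr kept out of the normal output.
# stderr is captured instead of discarded so that a failed signing or CRL
# step is reported rather than ending the script silently under `set -e`.
# Globals:   easyrsa_bin (read), ROOT_PKI (read)
# Arguments: options and sub-command to pass to easyrsa
# Outputs:   easyrsa's stdout; on failure, the captured stderr on stderr
# Returns:   easyrsa's exit status
#######################################
_easyrsa_logged() {
  local log status=0
  log="$(mktemp)"
  "$easyrsa_bin" --pki-dir="${ROOT_PKI}" "$@" 2>"$log" || status=$?
  if [ "$status" -ne 0 ]; then
    echo "error: easyrsa $* failed (exit ${status}):" >&2
    cat -- "$log" >&2
  fi
  rm -f -- "$log"
  return "$status"
}

# Generate the CSR and sign it in one step.
# NOTE(review): the SAN passed here lists only *.CN; the bare domain is not
# added by this script, so confirm whether the certificate is expected to
# cover the root name as well.
# `nopass` leaves the private key unencrypted on disk: access to
# ${ROOT_PKI}/private must be restricted by file permissions.
_easyrsa_logged \
  --days="${CRT_EXPIRY_DAYS}" \
  --subject-alt-name="DNS:*.${CN}" \
  build-server-full "*.${CN}" nopass

# The file names contain a literal '*'; anything consuming these paths has to
# quote them so the shell does not treat them as a glob.
ROOT_CRT="${ROOT_PKI}/issued/*.${CN}.crt"
ROOT_KEY="${ROOT_PKI}/private/*.${CN}.key"

# Report the paths with the output directory shown as the literal text $OUT.
# The pattern is quoted so glob characters in OUT are matched literally.
echo "ROOT_CRT=${ROOT_CRT//"$OUT"/\$OUT}"
echo "ROOT_KEY=${ROOT_KEY//"$OUT"/\$OUT}"

# Update indexes and generate CRLs.
_easyrsa_logged update-db
_easyrsa_logged gen-crl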