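#!/usr/bin/env bash
#***************************************************************************
#                                  _   _ ____  _
#  Project                     ___| | | |  _ \| |
#                             / __| | | | |_) | |
#                            | (__| |_| |  _ <| |___
#                             \___|\___/|_| \_\_____|
#
# Copyright (C) EdelWeb for EdelKey and OpenEvidence
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
# are also available at https://curl.se/docs/copyright.html.
#
# You may opt to use, copy, modify, merge, publish, distribute and/or sell
# copies of the Software, and permit persons to whom the Software is
# furnished to do so, under the terms of the COPYING file.
#
# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
# KIND, either express or implied.
#
# SPDX-License-Identifier: curl
#
###########################################################################
#
# genroot.sh - generate a self-signed root CA key and certificate.
#
# Usage:   genroot.sh <prefix>
# Reads:   <prefix>-ca.prm   (OpenSSL req/x509 configuration; must exist)
# Writes:  <prefix>-ca.key, <prefix>-ca.csr, <prefix>-<serial>-ca.cacert,
#          <prefix>-ca.cacert, <prefix>-ca.der, <prefix>-ca.crt
# Exit:    0 on success, 1 on a usage error; any failing openssl step
#          aborts the script because of "set -e".

# exit on first fail
set -eu

# Prefer a locally built OpenSSL over the one on PATH when it exists.
OPENSSL=openssl
if [[ -f /usr/local/ssl/bin/openssl ]]; then
  OPENSSL=/usr/local/ssl/bin/openssl
fi

# Print the usage line on stderr (diagnostics never go to stdout).
usage() {
  echo 'Usage is genroot.sh <name>' >&2
}

# NOTE(review): HOME is pointed at the working directory, presumably so that
# any per-user state OpenSSL keeps (historically ~/.rnd) lands next to the
# generated files instead of in the real home directory - confirm.
HOME=$(pwd)
cd "$HOME"

KEYSIZE=2048
DURATION=6000
# The -sha256 option was introduced in OpenSSL 1.0.1
DIGESTALGO=-sha256

NOTOK=

PREFIX="${1:-}"
if [[ -z "$PREFIX" ]]; then
  echo 'No configuration prefix' >&2
  NOTOK=1
elif [[ ! -f "$PREFIX-ca.prm" ]]; then
  echo "No configuration file $PREFIX-ca.prm" >&2
  NOTOK=1
fi

if [[ -n "$NOTOK" ]]; then
  echo 'Sorry, I cannot do that for you.' >&2
  usage
  # A usage error must not look like success to a calling Makefile or script
  # (the previous bare "exit" returned 0 here).
  exit 1
fi

# Serial: unix time followed by the last (up to) four digits of $RANDOM, so
# repeated runs yield distinct serials. Not cryptographically random; the
# serial only needs to be unique for this CA, not unpredictable.
SERIAL="$(date +'%s')${RANDOM:(-4)}"

echo "SERIAL=$SERIAL PREFIX=$PREFIX DURATION=$DURATION KEYSIZE=$KEYSIZE"

set -x

# NOTE(review): genrsa is given no cipher option (e.g. -aes256), so the key is
# written unencrypted and the password supplied on fd 0 here (and to "req"
# below) is effectively unused - which is also why the later -signkey step
# needs no -passin. Fine for a throwaway CA generated for a test setup;
# confirm that this is the intended scope.
"$OPENSSL" genrsa -out "$PREFIX-ca.key" -passout fd:0 "$KEYSIZE" <<EOF
pass:secret
EOF
# Certificate request for the CA itself, using the subject/extension
# settings from the .prm configuration file.
"$OPENSSL" req -config "$PREFIX-ca.prm" -new -key "$PREFIX-ca.key" -out "$PREFIX-ca.csr" -passin fd:0 <<EOF
pass:secret
EOF
# Self-sign the request: the CA key signs its own CSR, with extensions taken
# from the same .prm file and the freshly generated serial number.
"$OPENSSL" x509 -set_serial "$SERIAL" -extfile "$PREFIX-ca.prm" -days "$DURATION" -req -signkey "$PREFIX-ca.key" -in "$PREFIX-ca.csr" -out "$PREFIX-$SERIAL-ca.cacert" "$DIGESTALGO"
# Derived copies of the certificate: text+PEM, DER, and a .crt variant.
"$OPENSSL" x509 -text -in "$PREFIX-$SERIAL-ca.cacert" -nameopt multiline > "$PREFIX-ca.cacert"
"$OPENSSL" x509 -in "$PREFIX-ca.cacert" -outform der -out "$PREFIX-ca.der"
"$OPENSSL" x509 -in "$PREFIX-ca.cacert" -text -nameopt multiline > "$PREFIX-ca.crt"
# Dump the final certificate for the operator to inspect.
"$OPENSSL" x509 -noout -text -in "$PREFIX-ca.cacert" -nameopt multiline
# "$OPENSSL" rsa -in "../keys/$PREFIX-ca.key" -text -noout -pubout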