|
- #!/bin/sh
-
- SCRIPT=$(realpath "$0")
- DIR=$(dirname "$SCRIPT")
- CA="$DIR/ca"
-
- if [ ! -f "$CA.key" ]; then
- openssl req \
- -x509 \
- -sha256 \
- -days 1825 \
- -newkey rsa:2048 \
- -keyout "$CA.key" \
- -out "$CA.crt"
- fi
-
- if [ -n "$1" ]; then
- FILE="$DIR/$1"
-
- echo "Generating key for $1"
- openssl req \
- -newkey rsa:2048 \
- -nodes \
- -keyout "$FILE.key" \
- -out "$FILE.csr"
-
- echo ""
-
- cat <<EOF > "$FILE.ext"
- authorityKeyIdentifier=keyid,issuer
- basicConstraints=CA:FALSE
- keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
- subjectAltName = @alt_names
-
- [alt_names]
- DNS.1 = $1
- EOF
-
- echo ""
- openssl x509 \
- -req \
- -CA "$CA.crt" \
- -CAkey "$CA.key" \
- -in "$FILE.csr" \
- -out "$FILE.crt" \
- -days 365 \
- -CAcreateserial \
- -extfile "$FILE.ext"
-
- echo ""
- echo "Creating PKCS12 archive"
- cat "$FILE.key" "$FILE.crt" | openssl pkcs12 -export -in - -out "$FILE.p12"
- else
- echo "USAGE: generate-key.sh KEYNAME"
- fi
|
