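#!/bin/bash
#
# Create a self-signed certificate authority (CA) for goconserver.
#
# Usage:  setup_ca_cert.sh <CA name>
# Env:    CONSOLESERVER_DIR  base directory (default: /etc/goconserver)
# Reads:  ./openssl.cnf.tmpl, resolved against the current directory
# Writes: $CONSOLESERVER_DIR/ca/ (openssl.cnf, serial, index, ca-req.csr,
#         ca-cert.pem, private/ca-key.pem)
#
# Any existing CA directory is deleted only after an explicit 'y' answer.
set -euo pipefail

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

CONSOLESERVER_DIR=${CONSOLESERVER_DIR:-/etc/goconserver}

if [ -z "${1:-}" ]; then
  echo "Usage: $0 <CA name>"
  exit 1
fi

CNA="$*"
CA_DIR=$CONSOLESERVER_DIR/ca
TEMPLATE=openssl.cnf.tmpl

# Verify the template before touching an existing CA, so a missing template
# cannot leave the host with the old CA deleted and no new one created.
[ -r "$TEMPLATE" ] || die "Cannot read $TEMPLATE in $(pwd)"

if [ -e "$CA_DIR" ]; then
  printf '%s' "Existing xCAT certificate authority detected at $CA_DIR, delete? (y/n):"
  # EOF or an empty reply counts as "no". With the comparison unquoted, an
  # empty reply made the test itself fail and fell through to the delete.
  read -r ANSWER || ANSWER=
  if [ "$ANSWER" != 'y' ]; then
    echo "Aborting install at user request"
    exit 0
  fi
  # ':?' aborts instead of expanding to an empty path.
  rm -rf -- "${CA_DIR:?}"
fi
mkdir -p -- "$CA_DIR"

# Escape the characters that are special in the sed replacement below
# (the '@' delimiter, '&' and backslash) so the path is substituted literally.
ca_dir_escaped=$(printf '%s' "$CA_DIR" | sed -e 's/[\\&@]/\\&/g')
sed -e "s@##CERT_DIR##@${ca_dir_escaped}@" "$TEMPLATE" > "$CA_DIR/openssl.cnf"

mkdir -p -- "$CA_DIR/crl" "$CA_DIR/certs" "$CA_DIR/private"
chmod go-rwx "$CA_DIR/private"
echo '01' > "$CA_DIR/serial"
touch "$CA_DIR/index"

# Stop here if the directory change fails; otherwise the key and certificate
# would be written into whatever directory the caller happened to be in.
cd "$CA_DIR" || die "Cannot change directory to $CA_DIR"

# Generate the key under a restrictive umask so it is never readable by
# group/other, not even briefly before the chmod. The subshell keeps the
# umask from affecting the files created afterwards.
# NOTE(review): 2048-bit RSA is small for a CA with a roughly 20-year
# lifetime; consider a larger key if all clients support it.
(umask 077 && openssl genrsa -out private/ca-key.pem 2048) \
  || die "Failed to generate the CA private key"
chmod 600 private/ca-key.pem

# NOTE(review): the CA name is placed into -subj unescaped, so a '/' in it
# starts a further subject component; confirm that callers pass a plain name.
openssl req -new -key private/ca-key.pem -config openssl.cnf \
  -out ca-req.csr -subj "/CN=$CNA" -outform PEM \
  || die "Failed to create the CA certificate request"

# NOTE(review): the start date is fixed at 1970-01-01, presumably so the
# certificate validates on hosts whose clock is not set yet - confirm.
openssl ca -selfsign -keyfile private/ca-key.pem -in ca-req.csr \
  -startdate 700101010101Z -days 7305 -extensions v3_ca \
  -config openssl.cnf -out ca-cert.pem \
  || die "Failed to self-sign the CA certificate"

cd -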