forked from xcat2/goconserver
-
Notifications
You must be signed in to change notification settings - Fork 0
/
setup_server_cert.sh
executable file
·43 lines (38 loc) · 1.32 KB
/
setup_server_cert.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
#!/bin/bash
if [ -z "$CONSOLESERVER_DIR" ]; then
CONSOLESERVER_DIR=/etc/goconserver
fi
if [ -z "$1" ]; then
echo "Usage: $0 servername"
CNA=`hostname`
else
CNA=$*
fi
umask 0077
CA_DIR=$CONSOLESERVER_DIR/ca
if [ -e $CONSOLESERVER_DIR/cert ]; then
echo -n "$CONSOLESERVER_DIR/cert already exists, delete and start over (y/n)?"
read ANSWER
if [ "$ANSWER" != "y" ]; then
echo "Aborting at user request"
exit 0
fi
rm -rf $CONSOLESERVER_DIR/cert
fi
mkdir -p $CONSOLESERVER_DIR/cert
cd $CONSOLESERVER_DIR/cert
sed -i "s/#CONSOLESERVERCASAN#/DNS.1 = `hostname --long`\nDNS.2 = `hostname --short`/g" $CA_DIR/openssl.cnf
openssl genrsa -out server-key.pem 2048
openssl req -config $CA_DIR/openssl.cnf -new -key server-key.pem -out server-req.pem -extensions server -subj "/CN=$CNA"
cp server-req.pem $CA_DIR/`hostname`.csr
cd -
cd $CA_DIR
openssl ca -startdate 600101010101Z -config openssl.cnf -in `hostname`.csr -out `hostname`.cert -extensions server -extensions san_env
if [ -f `hostname`.cert ]; then
rm `hostname`.csr
fi
cp `hostname`.cert $CONSOLESERVER_DIR/cert/server-cert.pem
#Put key and cert in a single file for the likes of conserver
cat $CONSOLESERVER_DIR/cert/server-cert.pem $CONSOLESERVER_DIR/cert/server-key.pem > $CONSOLESERVER_DIR/cert/server-cred.pem
cp ca-cert.pem $CONSOLESERVER_DIR/cert/ca.pem
cd -