4 d7e2e22c 2021-10-09 op # gencert - generate certificates
7 d7e2e22c 2021-10-09 op # ./gencert [-fh] [-D days] [-d destdir] hostname
10 d7e2e22c 2021-10-09 op # A simple script to generate self-signed X.509 certificates for
13 d7e2e22c 2021-10-09 op # The option are as follows:
14 d7e2e22c 2021-10-09 op # -D Specify the number of days the certificate
15 d7e2e22c 2021-10-09 op # will be valid for. Use 365 (a year) by default.
16 d7e2e22c 2021-10-09 op # -d Save the certificates to the given directory.
17 d7e2e22c 2021-10-09 op # By default the current directory is used.
18 d7e2e22c 2021-10-09 op # -f Forcefully overwrite existing certificates
19 d7e2e22c 2021-10-09 op # without prompting.
20 d7e2e22c 2021-10-09 op # -h Display usage and exit.
26 d7e2e22c 2021-10-09 op progname="$(basename -- "$0")"
29 d7e2e22c 2021-10-09 op echo "usage: $progname [-fh] [-d destdir] [-D days] hostname" >&2
30 d7e2e22c 2021-10-09 op echo "Please read the comment at the top of $0 for the usage." >&2
38 d7e2e22c 2021-10-09 op while getopts "D:d:fh" flag; do
40 d7e2e22c 2021-10-09 op D) days="$OPTARG" ;;
41 d7e2e22c 2021-10-09 op d) destdir="${OPTARG%/}" ;;
42 d7e2e22c 2021-10-09 op f) force=yes ;;
48 d7e2e22c 2021-10-09 op shift $(($OPTIND - 1))
50 d7e2e22c 2021-10-09 op if [ $# -ne 1 ]; then
54 d7e2e22c 2021-10-09 op if [ ! -d "${destdir}" ]; then
55 d7e2e22c 2021-10-09 op echo "${progname}: ${destdir} is not a directory." >&2
59 d7e2e22c 2021-10-09 op hostname="${1}"
60 d7e2e22c 2021-10-09 op pem="${destdir}/${hostname}.pem"
61 d7e2e22c 2021-10-09 op key="${destdir}/${hostname}.key"
63 d7e2e22c 2021-10-09 op if [ -f "$pem" -o -f "$key" ]; then
64 d7e2e22c 2021-10-09 op if [ $force = no ]; then
66 d7e2e22c 2021-10-09 op printf "Overwrite existing certificate $pem? [y/n] "
67 d7e2e22c 2021-10-09 op if ! read -r reply; then
71 d7e2e22c 2021-10-09 op case "$reply" in
72 d7e2e22c 2021-10-09 op [yY]) echo "overwriting"; break ;;
73 d7e2e22c 2021-10-09 op [nN]) echo "quitting"; exit 0 ;;
79 d7e2e22c 2021-10-09 op openssl req -x509 \
80 d7e2e22c 2021-10-09 op -newkey rsa:4096 \
81 d7e2e22c 2021-10-09 op -out "${pem}" \
82 d7e2e22c 2021-10-09 op -keyout "${key}" \
83 d7e2e22c 2021-10-09 op -days "${days}" \
85 d7e2e22c 2021-10-09 op -subj "/CN=$hostname"
88 d7e2e22c 2021-10-09 op if [ $e -ne 0 ]; then
93 d7e2e22c 2021-10-09 op echo "Generated files:"
94 d7e2e22c 2021-10-09 op echo " $pem : certificate"
95 d7e2e22c 2021-10-09 op echo " $key : private key"