commit - 34886b1e55ef0eda629b22742e7173fea04bf8f7
commit + ac9f55ba3248ea026ca146202c69c2aa4b3594ed
blob - 888194f8be3cec6f3f6197c07e828cee8afd88f9
blob + 20ce1def2217049b03d3932892e15a62c72c124f
--- contrib/gencert
+++ contrib/gencert
# gencert - generate certificates
#
# SYNOPSIS
-# ./gencert [-fh] [-D days] [-d destdir] hostname
+# ./gencert [-efh] [-D days] [-d destdir] hostname
#
# DESCRIPTION
# A simple script to generate self-signed X.509 certificates for
# will be valid for. Use 365 (a year) by default.
# -d Save the certificates to the given directory.
# By default the current directory is used.
+# -e Use an EC key instead of RSA.
# -f Forcefully overwrite existing certificates
# without prompting.
# -h Display usage and exit.
exit $1
}
+ec=no
force=no
destdir=.
days=365
-while getopts "D:d:fh" flag; do
+while getopts "D:d:efh" flag; do
case $flag in
D) days="$OPTARG" ;;
d) destdir="${OPTARG%/}" ;;
+ e) ec=yes ;;
f) force=yes ;;
h) usage 0 ;;
?) usage 1 ;;
fi
fi
-openssl req -x509 \
- -newkey rsa:4096 \
- -out "${pem}" \
- -keyout "${key}" \
- -days "${days}" \
- -nodes \
- -subj "/CN=$hostname"
+if [ $ec = yes ]; then
+ openssl ecparam -name prime256v1 -genkey -noout -out "${key}" && \
+ openssl req -new -x509 -key "${key}" -out "${pem}" -days "${days}" \
+ -nodes -subj "/CN=$hostname"
+else
+ openssl req -x509 \
+ -newkey rsa:4096 \
+ -out "${pem}" \
+ -keyout "${key}" \
+ -days "${days}" \
+ -nodes \
+ -subj "/CN=$hostname"
+fi
e=$?
if [ $e -ne 0 ]; then