commit d7e2e22c588996c2c4c3aea5a390327282b67f0e from: Omar Polo date: Sat Oct 09 14:07:21 2021 UTC add gencert, a simple script to generate self-signed certs commit - 9bb2f62e241164788b683971648e51e3cf174947 commit + d7e2e22c588996c2c4c3aea5a390327282b67f0e blob - 9895ba7c9755379f038199aefe3ade8fd608b81a blob + e69c10860b5e61366d2de0a7607f218f3e22bb0a --- ChangeLog +++ ChangeLog @@ -1,3 +1,7 @@ +2021-10-09 Omar Polo + + * contrib/gencert: add gencert, a simple script to generate self-signed certs + 2021-10-04 Omar Polo * regress/lib.sh (raw): reduced the timeout time for single checks from 30 to 10 seconds blob - ab45f9bd8c051602da9e2eb481d16d3450005e46 blob + d4fa347dde73598afb857c5057c991b317095fe4 --- contrib/README +++ contrib/README @@ -5,6 +5,10 @@ Dockerfile Sample Dockerfile to build alpine-based gmid images. +gencert + + Simple shell script to generate self-signed certificates. + gmid Sample rc(8) script for OpenBSD, to be placed in /etc/rc.d. blob - /dev/null blob + 888194f8be3cec6f3f6197c07e828cee8afd88f9 (mode 755) --- /dev/null +++ contrib/gencert 
@@ -0,0 +1,95 @@
+#!/bin/sh
+#
+# NAME
+# gencert - generate certificates
+#
+# SYNOPSIS
+# ./gencert [-fh] [-D days] [-d destdir] hostname
+#
+# DESCRIPTION
+# A simple script to generate self-signed X.509 certificates for
+# gmid.
+#
+# The option are as follows:
+# -D Specify the number of days the certificate
+# will be valid for. Use 365 (a year) by default.
+# -d Save the certificates to the given directory.
+# By default the current directory is used.
+# -f Forcefully overwrite existing certificates
+# without prompting.
+# -h Display usage and exit.
+#
+# SEE ALSO
+# openssl(1)
+#
+
+progname="$(basename -- "$0")"
+
+usage() {
+ echo "usage: $progname [-fh] [-d destdir] [-D days] hostname" >&2
+ echo "Please read the comment at the top of $0 for the usage." >&2
+ exit $1
+}
+
+force=no
+destdir=.
+days=365
+
+while getopts "D:d:fh" flag; do
+ case $flag in
+ D) days="$OPTARG" ;;
+ d) destdir="${OPTARG%/}" ;;
+ f) force=yes ;;
+ h) usage 0 ;;
+ ?) usage 1 ;;
+ esac
+done
+
+shift $(($OPTIND - 1))
+
+if [ $# -ne 1 ]; then
+ usage 1
+fi
+
+if [ ! -d "${destdir}" ]; then
+ echo "${progname}: ${destdir} is not a directory." >&2
+ usage 1
+fi
+
+hostname="${1}"
+pem="${destdir}/${hostname}.pem"
+key="${destdir}/${hostname}.key"
+
+if [ -f "$pem" -o -f "$key" ]; then
+ if [ $force = no ]; then
+ while :; do
+ printf "Overwrite existing certificate $pem? [y/n] "
+ if ! read -r reply; then
+ echo
+ exit 1
+ fi
+ case "$reply" in
+ [yY]) echo "overwriting"; break ;;
+ [nN]) echo "quitting"; exit 0 ;;
+ esac
+ done
+ fi
+fi
+
+openssl req -x509 \
+ -newkey rsa:4096 \
+ -out "${pem}" \
+ -keyout "${key}" \
+ -days "${days}" \
+ -nodes \
+ -subj "/CN=$hostname"
+
+e=$?
+if [ $e -ne 0 ]; then
+ exit $e
+fi
+
+echo
+echo "Generated files:"
+echo " $pem : certificate"
+echo " $key : private key"
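Review bot: The private key is written unencrypted (`-nodes`) to `${destdir}/${hostname}.key`, and nothing in the script restricts its mode, so the resulting permissions depend on the caller's umask and on what the installed openssl does for `-keyout`. Adding `umask 077` just before the `openssl req` call would make the outcome predictable: a key readable only by its owner. Separately, `hostname` is used unchecked both in the output paths and in `-subj "/CN=$hostname"`, so a value containing `/` changes where the files are written and adds extra components to the subject. A guard such as `case "$hostname" in */*) usage 1 ;; esac` right after the argument-count check would reject it.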