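#!/usr/bin/env bash
#
# Create a local root CA: an RSA private key plus a self-signed certificate.
#
# Environment (all optional):
#   CA_DIR       directory holding the CA material (default: <script dir>/ca)
#   CA_SUBJECT   subject DN of the root certificate
#   CA_DAYS      certificate validity in days (default: 3650)
#   CA_KEY_BITS  RSA modulus size in bits (default: 4096)
#
# Existing CA material is never overwritten.

# bash is required: `set -o pipefail` and `[[ ... ]]` are not supported by
# every /bin/sh, so running this under a plain `sh` shebang can abort early.
set -euo pipefail

# Everything created below starts out owner-only, so the private key is
# never group/world-readable in the window before its explicit chmod.
umask 077

CA_DIR="${CA_DIR:-$(dirname -- "$0")/ca}"
CA_KEY="${CA_DIR}/ca.key"
CA_CERT="${CA_DIR}/ca.pem"

CA_SUBJECT="${CA_SUBJECT:-/C=UZ/O=Local CA/CN=Local Root CA}"
CA_DAYS="${CA_DAYS:-3650}"
CA_KEY_BITS="${CA_KEY_BITS:-4096}"

mkdir -p "${CA_DIR}"
# Also tightens a directory that already existed with wider permissions.
chmod 700 "${CA_DIR}"

# Complete CA already present: idempotent no-op.
if [[ -f "${CA_KEY}" && -f "${CA_CERT}" ]]; then
  echo "CA already exists:"
  echo " ${CA_KEY}"
  echo " ${CA_CERT}"
  echo "Nothing to do."
  exit 0
fi

# Only one of the two files present (e.g. an earlier run failed half-way).
# Do not report success for an unusable CA, and do not overwrite a key that
# may already have been used to sign certificates.
if [[ -e "${CA_KEY}" || -e "${CA_CERT}" ]]; then
  {
    echo "Incomplete CA in ${CA_DIR}:"
    [[ -e "${CA_KEY}" ]] && echo " present: ${CA_KEY}" || echo " missing: ${CA_KEY}"
    [[ -e "${CA_CERT}" ]] && echo " present: ${CA_CERT}" || echo " missing: ${CA_CERT}"
    echo "Refusing to overwrite; inspect or remove the leftover file and re-run."
  } >&2
  exit 1
fi

# The key is written unencrypted (no passphrase); its protection relies
# entirely on the filesystem permissions set here.
openssl genrsa -out "${CA_KEY}" "${CA_KEY_BITS}"
chmod 600 "${CA_KEY}"

# Self-sign the root certificate with the key generated above.
# NOTE(review): -nodes only affects keys generated by `req` itself; with an
# existing -key it is a no-op and is kept here for compatibility.
# NOTE(review): CA extensions (basicConstraints etc.) come from the system
# openssl.cnf defaults - confirm the resulting certificate has CA:TRUE.
openssl req \
  -x509 \
  -new \
  -nodes \
  -key "${CA_KEY}" \
  -sha256 \
  -days "${CA_DAYS}" \
  -subj "${CA_SUBJECT}" \
  -out "${CA_CERT}"

# The certificate is public material; make it readable despite umask 077.
chmod 644 "${CA_CERT}"

echo "CA created:"
echo " key: ${CA_KEY}"
echo " cert: ${CA_CERT}"

# Print the certificate's identity and validity window for a quick check.
openssl x509 -in "${CA_CERT}" -noout -subject -issuer -dates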