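#!/usr/bin/env bash
#
# Create a local root CA (RSA private key + self-signed certificate) if one
# does not exist yet. Existing material is never overwritten.
#
# Environment (all optional):
#   CA_DIR       directory holding the CA files (default: <script dir>/ca)
#   CA_SUBJECT   subject DN for the root certificate
#   CA_DAYS      certificate validity in days (default: 3650)
#   CA_KEY_BITS  RSA modulus size in bits (default: 4096, minimum: 2048)
#
# Exit status: 0 when the CA was created or already exists in full;
# non-zero on invalid settings, an incomplete CA directory, or openssl failure.
#
# The script uses [[ ]] and `set -o pipefail`, so it needs bash rather than a
# plain POSIX sh (the original `env sh` shebang breaks under dash/ash).
set -euo pipefail

die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

CA_DIR="${CA_DIR:-$(dirname -- "$0")/ca}"
CA_KEY="${CA_DIR}/ca.key"
CA_CERT="${CA_DIR}/ca.pem"
CA_SUBJECT="${CA_SUBJECT:-/C=UZ/O=Local CA/CN=Local Root CA}"
CA_DAYS="${CA_DAYS:-3650}"
CA_KEY_BITS="${CA_KEY_BITS:-4096}"

# Both values come from the environment and are handed to openssl as-is;
# reject anything that is not a plain positive integer.
case "${CA_DAYS}" in
  '' | *[!0-9]*) die "CA_DAYS must be a positive integer, got '${CA_DAYS}'" ;;
esac
case "${CA_KEY_BITS}" in
  '' | *[!0-9]*) die "CA_KEY_BITS must be a positive integer, got '${CA_KEY_BITS}'" ;;
esac
# 10# forces base 10 so a leading zero is not read as octal.
if ((10#${CA_DAYS} < 1)); then
  die "CA_DAYS must be at least 1"
fi
if ((10#${CA_KEY_BITS} < 2048)); then
  die "CA_KEY_BITS must be at least 2048 (got ${CA_KEY_BITS})"
fi

command -v openssl >/dev/null || die "openssl not found in PATH"

mkdir -p -- "${CA_DIR}"
chmod 700 -- "${CA_DIR}"

if [[ -f "${CA_KEY}" && -f "${CA_CERT}" ]]; then
  printf '%s\n' \
    "CA already exists:" \
    " ${CA_KEY}" \
    " ${CA_CERT}" \
    "Nothing to do."
  exit 0
fi

# Only one of the two files present means an earlier run was interrupted or a
# file was removed by hand. Reporting success here would hide a CA that cannot
# be used, and regenerating would overwrite material someone may still need.
if [[ -e "${CA_KEY}" || -e "${CA_CERT}" ]]; then
  die "incomplete CA in ${CA_DIR}: expected both ${CA_KEY} and ${CA_CERT}; inspect and remove the leftover file to regenerate"
fi

# From here on every file at these paths is created by this run, so a failure
# may remove them again instead of leaving a half-built CA behind.
completed=0
cleanup() {
  if ((completed == 0)); then
    rm -f -- "${CA_KEY}" "${CA_CERT}"
  fi
}
trap cleanup EXIT

# Restrict permissions before the key is written: with the default umask the
# key would be readable by other users until the chmod below runs.
umask 077

openssl genrsa -out "${CA_KEY}" "${CA_KEY_BITS}"
chmod 600 -- "${CA_KEY}"

# -nodes leaves the private key unencrypted on disk; its confidentiality then
# rests entirely on the directory (700) and file (600) permissions.
# NOTE(review): whether the certificate carries basicConstraints CA:TRUE
# depends on the x509_extensions section of the active openssl.cnf - confirm
# with `openssl x509 -in ca.pem -noout -text` before trusting it as a root.
openssl req \
  -x509 \
  -new \
  -nodes \
  -key "${CA_KEY}" \
  -sha256 \
  -days "${CA_DAYS}" \
  -subj "${CA_SUBJECT}" \
  -out "${CA_CERT}"
# The certificate is public; the umask above made it 600, so open it up.
chmod 644 -- "${CA_CERT}"

completed=1

printf '%s\n' \
  "CA created:" \
  " key: ${CA_KEY}" \
  " cert: ${CA_CERT}"

openssl x509 -in "${CA_CERT}" -noout -subject -issuer -dates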