salutedev-test-web-app/.ssl/gen-ca.sh
2026-06-04 14:11:13 +03:00


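#!/usr/bin/env bash
#
# Create a local root CA: an RSA private key and a self-signed certificate.
#
# Environment overrides:
#   CA_DIR       output directory           (default: <script dir>/ca)
#   CA_SUBJECT   certificate subject DN     (default: /C=UZ/O=Local CA/CN=Local Root CA)
#   CA_DAYS      certificate validity, days (default: 3650)
#   CA_KEY_BITS  RSA key size in bits       (default: 4096)
#
# An existing key or certificate is never overwritten.
#
# The private key is written unencrypted and is protected only by file
# permissions (0700 directory, 0600 key). Anyone who can read it can issue
# certificates trusted by every client that trusts ca.pem, so keep CA_DIR
# out of version control, backups and container images.

# The interpreter is bash, not sh: `[[ ... ]]` and `set -o pipefail` below are
# not available in every /bin/sh (dash, for one, rejects `[[`).
set -euo pipefail

# "$0" is quoted so a checkout path containing spaces still resolves.
CA_DIR="${CA_DIR:-$(dirname -- "$0")/ca}"
CA_KEY="${CA_DIR}/ca.key"
CA_CERT="${CA_DIR}/ca.pem"
CA_SUBJECT="${CA_SUBJECT:-/C=UZ/O=Local CA/CN=Local Root CA}"
CA_DAYS="${CA_DAYS:-3650}"
CA_KEY_BITS="${CA_KEY_BITS:-4096}"

mkdir -p -- "${CA_DIR}"
chmod 700 -- "${CA_DIR}"

if [[ -f "${CA_KEY}" && -f "${CA_CERT}" ]]; then
  echo "CA already exists:"
  echo " ${CA_KEY}"
  echo " ${CA_CERT}"
  echo "Nothing to do."
  exit 0
fi

# Only one of the two files is present (for example an earlier run failed
# after the key was generated). Reporting success here would hide a broken CA,
# and regenerating would clobber existing key material, so stop and let the
# operator decide.
if [[ -f "${CA_KEY}" || -f "${CA_CERT}" ]]; then
  {
    echo "Incomplete CA in ${CA_DIR}: expected both files"
    echo " ${CA_KEY}"
    echo " ${CA_CERT}"
    echo "Remove the leftover file and re-run to create a new CA."
  } >&2
  exit 1
fi

# Restrictive umask so the key is never readable by group/other, not even
# for the moment between its creation and the chmod below.
umask 077

openssl genrsa -out "${CA_KEY}" "${CA_KEY_BITS}"
chmod 600 -- "${CA_KEY}"

# -nodes has no effect on an existing key passed with -key; it is kept so the
# command line stays as it was. Certificate extensions come from the local
# OpenSSL configuration (NOTE(review): confirm the result carries
# basicConstraints CA:TRUE on the target systems).
openssl req \
  -x509 \
  -new \
  -nodes \
  -key "${CA_KEY}" \
  -sha256 \
  -days "${CA_DAYS}" \
  -subj "${CA_SUBJECT}" \
  -out "${CA_CERT}"

# The certificate is public; make it world-readable despite the umask above.
chmod 644 -- "${CA_CERT}"

echo "CA created:"
echo " key: ${CA_KEY}"
echo " cert: ${CA_CERT}"

# Print the identity and validity window for a quick visual check.
openssl x509 -in "${CA_CERT}" -noout -subject -issuer -dates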