diff options
| author | Joe Rayhawk <jrayhawk@omgwallhack.org> | 2011-03-27 19:52:49 -0700 |
|---|---|---|
| committer | Joe Rayhawk <jrayhawk@omgwallhack.org> | 2011-03-27 19:52:49 -0700 |
| commit | 478e1993e0760ad83668243111be155b3e9e7050 (patch) | |
| tree | 46d356b1a306d5333dd530115e57b61bcb3ab803 /gensignedcert.sh | |
| download | cash-478e1993e0760ad83668243111be155b3e9e7050.tar.gz cash-478e1993e0760ad83668243111be155b3e9e7050.zip | |
Initial content; missing some mailcert.sh support
Diffstat (limited to 'gensignedcert.sh')
| -rwxr-xr-x | gensignedcert.sh | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/gensignedcert.sh b/gensignedcert.sh new file mode 100755 index 0000000..3564024 --- /dev/null +++ b/gensignedcert.sh @@ -0,0 +1,31 @@ +#!/bin/sh +# ./keygen [name] (configfile) +# This is only suggested if you have a secured path to deliver this new key through. + +SUPPLEMENTARY_CONFIG="$2" + +. ./configure.sh + +if ! [ $1 ]; then + echo "Please provide a one-word certificate name as an argument.\n" + echo "$0 [name] (configfile)\n" + exit 2 +fi + +if [ $2 ]; then + export CA=$2 +fi + +# Gen signed key +mkdir -pv "$CA"/signed "$CA"/temp "$CA"/certs +openssl req -config "$OPENSSL_CONFIG" -new -nodes -out "$CA"/temp/"$1".csr -keyout "$CA"/temp/"$1".key +chmod 600 "$CA"/temp/"$1".key +SERIAL=$(cat "$CA"/ca/"$CA".serial) +openssl ca -config "$OPENSSL_CONFIG" -in "$CA"/temp/"$1".csr +if [ -e "$CA"/certs/"$SERIAL".pem ]; then # openssl lacks useful exit status codes, so we check to see if it actually did anything instead. + mv -i "$CA"/temp/"$1".csr "$CA"/temp/"$1".key "$CA"/signed/ + ln "$CA"/certs/"$SERIAL".pem "$CA"/signed/"$1".crt # so we can find the certificate by name as well as by serial + echo To create an encrypted key/certificate, run the following: + echo openssl rsa -in "$CA"/signed/"$1".key -des3 -out "$CA"/signed/"$1"-password.key + echo cat "$CA"/signed/"$1"-password.key "$CA"/signed/"$1".crt '>' "$CA"/signed/"$1"-password.pem +fi |