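#!/usr/bin/env bash
#
# Produce a single OpenSSL artifact (chain, DH parameters, CSR, CA or leaf
# certificate, RSA/EC key, PKCS#12 bundle) selected by COMMAND.
#
# Usage: <script> COMMAND OUT DOMAIN [ARGS...]
#   COMMAND  one of the case labels below
#   OUT      path of the file to create; its directory is created if needed
#   DOMAIN   value substituted for __DOMAIN__ in config templates; it is also
#            used as the PKCS#12 pass phrase by the pkcs12 commands
#   ARGS     command-specific positional arguments (see each branch)
#
# Pre-generated short-circuit: if the path obtained by replacing the first
# "/gen/" in OUT with "/pregen/" exists, that file is copied to OUT and no
# OpenSSL command runs. The pregen tree is therefore trusted as-is, and a
# pregen file is returned even if COMMAND or ARGS no longer match what
# produced it.
#
# NOTE(review): the pass phrase is the DOMAIN value and is handed to openssl
# as "pass:..." on the command line, where it is visible in the process list.
# That is only acceptable for throwaway material; openssl also accepts
# env:/file:/fd: pass phrase sources if these bundles ever need protecting.
set -eu
set -o pipefail

# Print a message on stderr and stop with a failure status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Emit the template file $1 with every __DOMAIN__ replaced by DOMAIN.
render_template() {
  sed "s/__DOMAIN__/${DOMAIN_SED}/g" < "$1"
}

# Fail early when template $1 is unreadable: an error inside <( ... ) is not
# seen by `set -e`, so openssl would otherwise just receive an empty config.
require_template() {
  [[ -r "$1" ]] || die "Cannot read template: $1"
}

(( $# >= 3 )) || die "usage: ${0##*/} COMMAND OUT DOMAIN [ARGS...]"

COMMAND=$1
shift
OUT=$1
shift
DOMAIN=$1
shift

# Escape the characters that are special in a sed replacement (\ / &) so a
# DOMAIN containing them is inserted literally instead of altering the
# substitution expression.
DOMAIN_SED=$(printf '%s' "$DOMAIN" | sed -e 's,[\\/&],\\&,g')

mkdir -p -- "$(dirname -- "$OUT")"

PREGEN_OUT=$(printf '%s\n' "$OUT" | sed 's#/gen/#/pregen/#')
if [[ -e "$PREGEN_OUT" ]]; then
  cp -- "$PREGEN_OUT" "$OUT"
  exit 0
fi

case "$COMMAND" in
  chain)
    # ARGS: files to concatenate, in order.
    cat -- "$@" > "$OUT"
    ;;
  dhparam)
    # ARGS: $1 = parameter size in bits.
    openssl dhparam \
      -out "$OUT" \
      "$1"
    ;;
  gen-csr)
    # ARGS: $1 = config template, $2 = private key.
    require_template "$1"
    openssl req -new \
      -out "$OUT" \
      -config <(render_template "$1") \
      -key "$2"
    ;;
  gen-csr-no-subject)
    # Same as gen-csr, but the subject is forced to "/".
    require_template "$1"
    openssl req -new \
      -subj / \
      -out "$OUT" \
      -config <(render_template "$1") \
      -key "$2"
    ;;
  gen-ca)
    # ARGS: $1 = config file (used verbatim, no __DOMAIN__ substitution),
    # $2 = private key. The certificate is valid for 7300 days.
    openssl req -new -x509 -days 7300 \
      -out "$OUT" \
      -config "$1" \
      -key "$2"
    ;;
  gen-key)
    # ARGS: $1 = RSA key size in bits. No cipher option is given, so the key
    # is written unencrypted.
    openssl genrsa \
      -out "$OUT" \
      "$1"
    ;;
  gen-ecckey)
    # ARGS: $1 = curve name.
    openssl ecparam \
      -out "$OUT" \
      -name "$1" \
      -genkey
    ;;
  gen-pkcs12-p12)
    # ARGS: $1 = certificate, $2 = private key. Export pass phrase = DOMAIN.
    openssl pkcs12 \
      -out "$OUT" \
      -export \
      -clcerts \
      -passout "pass:$DOMAIN" \
      -in "$1" \
      -inkey "$2"
    ;;
  pkcs12-convert-p12-pem)
    # ARGS: $1 = PKCS#12 bundle. Input and output pass phrase = DOMAIN.
    openssl pkcs12 \
      -out "$OUT" \
      -clcerts \
      -passin "pass:$DOMAIN" \
      -passout "pass:$DOMAIN" \
      -in "$1"
    ;;
  self-sign)
    # ARGS: $1 = validity in days, $2 = option name passed as "-$2"
    # (presumably a digest such as sha256 -- confirm against callers),
    # $3 = extensions section, $4 = extensions template, $5 = CSR,
    # $6 = signing key.
    require_template "$4"
    openssl x509 -req -CAcreateserial \
      -out "$OUT" \
      -days "$1" \
      "-$2" \
      -extensions "$3" \
      -extfile <(render_template "$4") \
      -in "$5" \
      -signkey "$6"
    ;;
  sign)
    # ARGS: as for self-sign, except $6 = CA key and $7 = CA certificate.
    # -CAcreateserial lets openssl create the CA serial file when it is
    # missing, so this branch can write a file other than OUT.
    require_template "$4"
    openssl x509 \
      -req \
      -CAcreateserial \
      -days "$1" \
      "-$2" \
      -out "$OUT" \
      -extensions "$3" \
      -extfile <(render_template "$4") \
      -in "$5" \
      -CAkey "$6" \
      -CA "$7"
    ;;
  *)
    die "Unknown command."
    ;;
esac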