further changes to gencerts.sh including additional logging

This commit is contained in:
2026-03-09 15:25:28 +01:00
parent e09a150cc7
commit 5eb136b60a


@@ -11,7 +11,7 @@ fi
# Define CERTS_DIR without trailing slash # Define CERTS_DIR without trailing slash
CERTS_DIR="/opt/files/certs" CERTS_DIR="/opt/files/certs"
mkdir -p "$CERTS_DIR" mkdir -p "$CERTS_DIR"
echo "generating cnf files"
# Create OpenSSL configuration files # Create OpenSSL configuration files
cat > "${CERTS_DIR}/openssl_root_ca.cnf" <<EOF cat > "${CERTS_DIR}/openssl_root_ca.cnf" <<EOF
[ req ] [ req ]
@@ -62,7 +62,7 @@ CN = *.$DOMAIN
[ v3_req ] [ v3_req ]
subjectKeyIdentifier = hash subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = CA:FALSE basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth extendedKeyUsage = serverAuth
@@ -72,42 +72,50 @@ subjectAltName = @alt_names
DNS.1 = $DOMAIN DNS.1 = $DOMAIN
DNS.2 = *.$DOMAIN DNS.2 = *.$DOMAIN
EOF EOF
echo "cnf files generated"
# Function to generate root CA # Function to generate root CA
generate_root_ca() { generate_root_ca() {
echo "Generating Root CA..." echo "Generating Root CA..."
openssl genrsa -out "${CERTS_DIR}/rootCA.key" 4096 openssl genrsa -out "${CERTS_DIR}/rootCA.key" 4096
echo "key generated"
openssl req -x509 -new -nodes -key "${CERTS_DIR}/rootCA.key" \ openssl req -x509 -new -nodes -key "${CERTS_DIR}/rootCA.key" \
-sha256 -days 3650 -out "${CERTS_DIR}/rootCA.crt" \ -sha256 -days 3650 -out "${CERTS_DIR}/rootCA.crt" \
-config "${CERTS_DIR}/openssl_root_ca.cnf" -extensions v3_ca -config "${CERTS_DIR}/openssl_root_ca.cnf" -extensions v3_ca
echo "crt generated"
} }
# Function to generate intermediate CA # Function to generate intermediate CA
generate_intermediate_ca() { generate_intermediate_ca() {
echo "Generating Intermediate CA..." echo "Generating Intermediate CA..."
openssl genrsa -out "${CERTS_DIR}/intermediateCA.key" 4096 openssl genrsa -out "${CERTS_DIR}/intermediateCA.key" 4096
echo "key generated"
openssl req -new -key "${CERTS_DIR}/intermediateCA.key" \ openssl req -new -key "${CERTS_DIR}/intermediateCA.key" \
-out "${CERTS_DIR}/intermediateCA.csr" \ -out "${CERTS_DIR}/intermediateCA.csr" \
-config "${CERTS_DIR}/openssl_intermediate_ca.cnf" -config "${CERTS_DIR}/openssl_intermediate_ca.cnf"
echo "csr generated"
openssl x509 -req -in "${CERTS_DIR}/intermediateCA.csr" \ openssl x509 -req -in "${CERTS_DIR}/intermediateCA.csr" \
-CA "${CERTS_DIR}/rootCA.crt" -CAkey "${CERTS_DIR}/rootCA.key" \ -CA "${CERTS_DIR}/rootCA.crt" -CAkey "${CERTS_DIR}/rootCA.key" \
-CAcreateserial -out "${CERTS_DIR}/intermediateCA.crt" \ -CAcreateserial -out "${CERTS_DIR}/intermediateCA.crt" \
-days 3650 -sha256 -extfile "${CERTS_DIR}/openssl_intermediate_ca.cnf" \ -days 3650 -sha256 -extfile "${CERTS_DIR}/openssl_intermediate_ca.cnf" \
-extensions v3_ca -extensions v3_ca
echo "crt generated and signed with root CA"
} }
# Function to generate wildcard certificate # Function to generate wildcard certificate
generate_wildcard_cert() { generate_wildcard_cert() {
echo "Generating Wildcard Certificate..." echo "Generating Wildcard Certificate..."
openssl genrsa -out "${CERTS_DIR}/wildcard.key" 4096 openssl genrsa -out "${CERTS_DIR}/wildcard.key" 4096
echo "key generated"
openssl req -new -key "${CERTS_DIR}/wildcard.key" \ openssl req -new -key "${CERTS_DIR}/wildcard.key" \
-out "${CERTS_DIR}/wildcard.csr" \ -out "${CERTS_DIR}/wildcard.csr" \
-config "${CERTS_DIR}/openssl_wildcard.cnf" -config "${CERTS_DIR}/openssl_wildcard.cnf"
echo "csr generated"
openssl x509 -req -in "${CERTS_DIR}/wildcard.csr" \ openssl x509 -req -in "${CERTS_DIR}/wildcard.csr" \
-CA "${CERTS_DIR}/intermediateCA.crt" -CAkey "${CERTS_DIR}/intermediateCA.key" \ -CA "${CERTS_DIR}/intermediateCA.crt" -CAkey "${CERTS_DIR}/intermediateCA.key" \
-CAcreateserial -out "${CERTS_DIR}/wildcard.crt" \ -CAcreateserial -out "${CERTS_DIR}/wildcard.crt" \
-days 3650 -sha256 -extfile "${CERTS_DIR}/openssl_wildcard.cnf" \ -days 3650 -sha256 -extfile "${CERTS_DIR}/openssl_wildcard.cnf" \
-extensions v3_req -extensions v3_req
echo "crt generated and signed with intermediate CA"
} }
# Function to export certificates for cross-platform compatibility # Function to export certificates for cross-platform compatibility
@@ -116,21 +124,27 @@ export_certs() {
# Export root CA to .pfx (Windows) # Export root CA to .pfx (Windows)
openssl pkcs12 -export -out "${CERTS_DIR}/rootCA.pfx" \ openssl pkcs12 -export -out "${CERTS_DIR}/rootCA.pfx" \
-inkey "${CERTS_DIR}/rootCA.key" -in "${CERTS_DIR}/rootCA.crt" -passout pass: -inkey "${CERTS_DIR}/rootCA.key" -in "${CERTS_DIR}/rootCA.crt" -passout pass:
echo "rootCA pfx exported"
# Export intermediate CA to .pfx (Windows) # Export intermediate CA to .pfx (Windows)
openssl pkcs12 -export -out "${CERTS_DIR}/intermediateCA.pfx" \ openssl pkcs12 -export -out "${CERTS_DIR}/intermediateCA.pfx" \
-inkey "${CERTS_DIR}/intermediateCA.key" -in "${CERTS_DIR}/intermediateCA.crt" -passout pass: -inkey "${CERTS_DIR}/intermediateCA.key" -in "${CERTS_DIR}/intermediateCA.crt" -passout pass:
echo "IntermediateCA pfx exported"
# Export wildcard cert to .pfx (Windows) # Export wildcard cert to .pfx (Windows)
openssl pkcs12 -export -out "${CERTS_DIR}/wildcard.pfx" \ openssl pkcs12 -export -out "${CERTS_DIR}/wildcard.pfx" \
-inkey "${CERTS_DIR}/wildcard.key" -in "${CERTS_DIR}/wildcard.crt" -passout pass: -inkey "${CERTS_DIR}/wildcard.key" -in "${CERTS_DIR}/wildcard.crt" -passout pass:
echo "wildcard pfx exported"
# Export root CA to .p12 (Cross-platform) # Export root CA to .p12 (Cross-platform)
openssl pkcs12 -export -out "${CERTS_DIR}/rootCA.p12" \ openssl pkcs12 -export -out "${CERTS_DIR}/rootCA.p12" \
-inkey "${CERTS_DIR}/rootCA.key" -in "${CERTS_DIR}/rootCA.crt" -passout pass: -inkey "${CERTS_DIR}/rootCA.key" -in "${CERTS_DIR}/rootCA.crt" -passout pass:
echo "root p12 exported"
# Export intermediate CA to .p12 (Cross-platform) # Export intermediate CA to .p12 (Cross-platform)
openssl pkcs12 -export -out "${CERTS_DIR}/intermediateCA.p12" \ openssl pkcs12 -export -out "${CERTS_DIR}/intermediateCA.p12" \
-inkey "${CERTS_DIR}/intermediateCA.key" -in "${CERTS_DIR}/intermediateCA.crt" -passout pass: -inkey "${CERTS_DIR}/intermediateCA.key" -in "${CERTS_DIR}/intermediateCA.crt" -passout pass:
echo "intermediate p12 exported"
# Export wildcard cert to .p12 (Cross-platform) # Export wildcard cert to .p12 (Cross-platform)
openssl pkcs12 -export -out "${CERTS_DIR}/wildcard.p12" \ openssl pkcs12 -export -out "${CERTS_DIR}/wildcard.p12" \
-inkey "${CERTS_DIR}/wildcard.key" -in "${CERTS_DIR}/wildcard.crt" -passout pass: -inkey "${CERTS_DIR}/wildcard.key" -in "${CERTS_DIR}/wildcard.crt" -passout pass:
echo "wildcard p12 exported"
} }
# Main script execution # Main script execution