SDGDen/CloudDeploy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

further changes to gencerts.sh including additional logging

Browse Source
This commit is contained in:
SDGDen
2026-03-09 15:25:28 +01:00
parent e09a150cc7
commit 5eb136b60a
1 changed files with 17 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
gencerts.sh
View File

@@ -11,7 +11,7 @@ fi
# Define CERTS_DIR without trailing slash
CERTS_DIR="/opt/files/certs"
mkdir -p "$CERTS_DIR"
echo "generating cnf files"
# Create OpenSSL configuration files
cat > "${CERTS_DIR}/openssl_root_ca.cnf" <<EOF
[ req ]
@@ -62,7 +62,7 @@ CN = *.$DOMAIN
[ v3_req ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
@@ -72,42 +72,50 @@ subjectAltName = @alt_names
DNS.1 = $DOMAIN
DNS.2 = *.$DOMAIN
EOF
echo "cnf files generated"
# Function to generate root CA
generate_root_ca() {
echo "Generating Root CA..."
openssl genrsa -out "${CERTS_DIR}/rootCA.key" 4096
echo "key generated"
openssl req -x509 -new -nodes -key "${CERTS_DIR}/rootCA.key" \
-sha256 -days 3650 -out "${CERTS_DIR}/rootCA.crt" \
-config "${CERTS_DIR}/openssl_root_ca.cnf" -extensions v3_ca
echo "crt generated"
}
# Function to generate intermediate CA
generate_intermediate_ca() {
echo "Generating Intermediate CA..."
openssl genrsa -out "${CERTS_DIR}/intermediateCA.key" 4096
echo "key generated"
openssl req -new -key "${CERTS_DIR}/intermediateCA.key" \
-out "${CERTS_DIR}/intermediateCA.csr" \
-config "${CERTS_DIR}/openssl_intermediate_ca.cnf"
echo "csr generated"
openssl x509 -req -in "${CERTS_DIR}/intermediateCA.csr" \
-CA "${CERTS_DIR}/rootCA.crt" -CAkey "${CERTS_DIR}/rootCA.key" \
-CAcreateserial -out "${CERTS_DIR}/intermediateCA.crt" \
-days 3650 -sha256 -extfile "${CERTS_DIR}/openssl_intermediate_ca.cnf" \
-extensions v3_ca
echo "crt generated and signed with root CA"
}
# Function to generate wildcard certificate
generate_wildcard_cert() {
echo "Generating Wildcard Certificate..."
openssl genrsa -out "${CERTS_DIR}/wildcard.key" 4096
echo "key generated"
openssl req -new -key "${CERTS_DIR}/wildcard.key" \
-out "${CERTS_DIR}/wildcard.csr" \
-config "${CERTS_DIR}/openssl_wildcard.cnf"
echo "csr generated"
openssl x509 -req -in "${CERTS_DIR}/wildcard.csr" \
-CA "${CERTS_DIR}/intermediateCA.crt" -CAkey "${CERTS_DIR}/intermediateCA.key" \
-CAcreateserial -out "${CERTS_DIR}/wildcard.crt" \
-days 3650 -sha256 -extfile "${CERTS_DIR}/openssl_wildcard.cnf" \
-extensions v3_req
echo "crt generated and signed with intermediate CA"
}
# Function to export certificates for cross-platform compatibility
@@ -116,21 +124,27 @@ export_certs() {
# Export root CA to .pfx (Windows)
openssl pkcs12 -export -out "${CERTS_DIR}/rootCA.pfx" \
-inkey "${CERTS_DIR}/rootCA.key" -in "${CERTS_DIR}/rootCA.crt" -passout pass:
echo "rootCA pfx exported"
# Export intermediate CA to .pfx (Windows)
openssl pkcs12 -export -out "${CERTS_DIR}/intermediateCA.pfx" \
-inkey "${CERTS_DIR}/intermediateCA.key" -in "${CERTS_DIR}/intermediateCA.crt" -passout pass:
echo "IntermediateCA pfx exported"
# Export wildcard cert to .pfx (Windows)
openssl pkcs12 -export -out "${CERTS_DIR}/wildcard.pfx" \
-inkey "${CERTS_DIR}/wildcard.key" -in "${CERTS_DIR}/wildcard.crt" -passout pass:
echo "wildcard pfx exported"
# Export root CA to .p12 (Cross-platform)
openssl pkcs12 -export -out "${CERTS_DIR}/rootCA.p12" \
-inkey "${CERTS_DIR}/rootCA.key" -in "${CERTS_DIR}/rootCA.crt" -passout pass:
echo "root p12 exported"
# Export intermediate CA to .p12 (Cross-platform)
openssl pkcs12 -export -out "${CERTS_DIR}/intermediateCA.p12" \
-inkey "${CERTS_DIR}/intermediateCA.key" -in "${CERTS_DIR}/intermediateCA.crt" -passout pass:
echo "intermediate p12 exported"
# Export wildcard cert to .p12 (Cross-platform)
openssl pkcs12 -export -out "${CERTS_DIR}/wildcard.p12" \
-inkey "${CERTS_DIR}/wildcard.key" -in "${CERTS_DIR}/wildcard.crt" -passout pass:
echo "wildcard p12 exported"
}
# Main script execution