blob: 283697f2b4ebb0ff2bbbb51b1da3e1e3ad0b1cfb (
plain) (
tree)
|
|
#!/bin/sh
# For a public or production server, purchase a cert from a known CA, and skip
# the next step.
# For development, testing and personal server management, create a CA key and
# cert, and use that to generate a server key and cert. Creates:
# ca.key.pem
# ca.cert.pem
# server.key.pem
# server.cert.pem
GENERATION_LOCATION="/run/user/$(id -u)/taskserver/certs";
BASEDIR="$(dirname "$0")"
cd "$BASEDIR" || echo "(BUG?) No basedir ('$BASEDIR')" 1>&2
set -- ./vars ./generate.ca ./generate.crl ./generate.client ./ca.key.pem.gpg ./isrgrootx1.pem
mkdir -p "$GENERATION_LOCATION"
cp "$@" "./ca.cert.pem" "$GENERATION_LOCATION"
cd "$GENERATION_LOCATION" || echo "(BUG?) No possible location fould!" 1>&2
gpg --decrypt ca.key.pem.gpg > ca.key.pem
cat ./isrgrootx1.pem >> ./ca.cert.pem
[ -f ./ca.key.pem ] || ./generate.ca
# Generate a certificate revocation list (CRL). The initial CRL is empty, but
# can grow over time. Creates:
# server.crl.pem
./generate.crl
# The above is sufficient to operate a server. You now need to run a client cert creation
# process per client; Add the required client names and uncomment
# ./generate.client <client_name>
#
#
# Creates:
# <client_name>.key.pem
# <client_name>.cert.pem
#
./generate.client soispha
./generate.client android-mobile
./generate.client android-tab
rm "$@" "./ca.key.pem"
echo "(INFO) Look for the keys at: $GENERATION_LOCATION"
|