diff options
Diffstat (limited to 'system/services/taskserver/certs/generate.ca')
| -rwxr-xr-x | system/services/taskserver/certs/generate.ca | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/system/services/taskserver/certs/generate.ca b/system/services/taskserver/certs/generate.ca new file mode 100755 index 0000000..4ffc6e9 --- /dev/null +++ b/system/services/taskserver/certs/generate.ca @@ -0,0 +1,47 @@ +#!/bin/sh + +# Take the correct binary to create the certificates +CERTTOOL=$(command -v gnutls-certtool 2>/dev/null || command -v certtool 2>/dev/null) +if [ -z "$CERTTOOL" ] +then + echo "ERROR: No certtool found" >&2 + exit 1 +fi + +. ./vars + +if ! [ -f ca.key.pem ] +then + # Create a CA key. + $CERTTOOL \ + --generate-privkey \ + --sec-param $SEC_PARAM \ + --outfile ca.key.pem +fi + +chmod 600 ca.key.pem + +if ! [ -f ca.template ] +then + # Sign a CA cert. + cat <<EOF >ca.template +organization = $ORGANIZATION +cn = $CN CA +country = $COUNTRY +expiration_days = $EXPIRATION_DAYS +ca +EOF +#state = $STATE +#locality = $LOCALITY +fi + +if ! [ -f ca.cert.pem ] || [ ca.template -nt ca.cert.pem ] +then + $CERTTOOL \ + --generate-self-signed \ + --load-privkey ca.key.pem \ + --template ca.template \ + --outfile ca.cert.pem +fi + +chmod 600 ca.cert.pem |