3

bin/gen-cert-1.sh

@@ -1,58 +0,0 @@
-#!/usr/bin/env bash
-
-# if the server name is undefined, lets default to 'Some-Server'
-SERVER="${SERVER:-Some-Server}"
-
-CORPORATION="NgTech LTD"
-GROUP="IT"
-CITY="Karney Shomron"
-STATE="Center"
-COUNTRY="IL"
-DAYS="3650"
-
-CERT_AUTH_PASS=`openssl rand -base64 32`
-echo $CERT_AUTH_PASS > cert_auth_password
-CERT_AUTH_PASS=`cat cert_auth_password`
-
-# create the certificate authority
-openssl \
-  req \
-  -subj "/CN=$SERVER.ca/OU=$GROUP/O=$CORPORATION/L=$CITY/ST=$STATE/C=$COUNTRY" \
-  -new \
-  -x509 \
-  -keyout ca-cert.key \
-  -out ca-cert.crt \
-  -days ${DAYS}
-
-#  -passout pass:$CERT_AUTH_PASS \
-
-# create client private key (used to decrypt the cert we get from the CA)
-openssl genrsa -out $SERVER.key
-
-# create the CSR(Certitificate Signing Request)
-openssl \
-  req \
-  -new \
-  -nodes \
-  -subj "/CN=$SERVER/OU=$GROUP/O=$CORPORATION/L=$CITY/ST=$STATE/C=$COUNTRY" \
-  -sha256 \
-  -extensions v3_req \
-  -reqexts SAN \
-  -key $SERVER.key \
-  -out $SERVER.csr \
-  -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:$SERVER")) \
-  -days 36500
-
-# sign the certificate with the certificate authority
-openssl \
-  x509 \
-  -req \
-  -days ${DAYS} \
-  -in $SERVER.csr \
-  -CA ca-cert.crt \
-  -CAkey ca-cert.key \
-  -CAcreateserial \
-  -out $SERVER.crt \
-  -extfile <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:$SERVER")) \
-  -extensions SAN 
-#  -passin pass:$CERT_AUTH_PASS