bin/regen-certs
#!/bin/bash | #!/bin/bash | ||||
base_dir=$(dirname $(dirname $0)) | base_dir=$(dirname $(dirname $0)) | ||||
base_dir="${base_dir}/docker/certs/" | cert_dir="${base_dir}/docker/certs/" | ||||
if [ ! -d "${base_dir}" ]; then | if [ ! -d "${cert_dir}" ]; then | ||||
mkdir -p ${base_dir} | mkdir -p ${cert_dir} | ||||
fi | fi | ||||
if [ ! -f "${base_dir}/ca.key" ]; then | if [ ! -f "${cert_dir}/ca.key" ]; then | ||||
openssl genrsa -out ${base_dir}/ca.key 4096 | openssl genrsa -out ${cert_dir}/ca.key 4096 | ||||
openssl req \ | openssl req \ | ||||
-new \ | -new \ | ||||
-x509 \ | -x509 \ | ||||
-nodes \ | -nodes \ | ||||
-days 3650 \ | -days 3650 \ | ||||
-key ${base_dir}/ca.key \ | -key ${cert_dir}/ca.key \ | ||||
-out ${base_dir}/ca.cert \ | -out ${cert_dir}/ca.cert \ | ||||
-subj '/O=Example CA/' | -subj '/O=Example CA/' | ||||
fi | fi | ||||
if [ -f /etc/pki/tls/openssl.cnf ]; then | if [ -f /etc/pki/tls/openssl.cnf ]; then | ||||
openssl_cnf="/etc/pki/tls/openssl.cnf" | openssl_cnf="/etc/pki/tls/openssl.cnf" | ||||
elif [ -f /etc/ssl/openssl.cnf ]; then | elif [ -f /etc/ssl/openssl.cnf ]; then | ||||
openssl_cnf="/etc/ssl/openssl.cnf" | openssl_cnf="/etc/ssl/openssl.cnf" | ||||
else | else | ||||
echo "No openssl.cnf" | echo "No openssl.cnf" | ||||
exit 1 | exit 1 | ||||
fi | fi | ||||
for name in kolab.mgmt.com kolab.hosted.com; do | export $(cat ${base_dir}/src/.env | xargs) >/dev/null 2>&1 | ||||
openssl genrsa -out ${base_dir}/${name}.key 4096 | |||||
for name in kolab.mgmt.com kolab.hosted.com {{admin,meet}.,}${APP_DOMAIN}; do | |||||
openssl genrsa -out ${cert_dir}/${name}.key 4096 | |||||
openssl req \ | openssl req \ | ||||
-new \ | -new \ | ||||
-key ${base_dir}/${name}.key \ | -key ${cert_dir}/${name}.key \ | ||||
-out ${base_dir}/${name}.csr \ | -out ${cert_dir}/${name}.csr \ | ||||
-subj "/O=Example CA/CN=${name}/" \ | -subj "/O=Example CA/CN=${name}/" \ | ||||
-reqexts SAN \ | -reqexts SAN \ | ||||
-config <(cat ${openssl_cnf} \ | -config <(cat ${openssl_cnf} \ | ||||
<(printf "[SAN]\nsubjectAltName=DNS:${name}")) | <(printf "[SAN]\nsubjectAltName=DNS:${name}")) | ||||
openssl x509 \ | openssl x509 \ | ||||
-req \ | -req \ | ||||
-in ${base_dir}/${name}.csr \ | -in ${cert_dir}/${name}.csr \ | ||||
-CA ${base_dir}/ca.cert \ | -CA ${cert_dir}/ca.cert \ | ||||
-CAkey ${base_dir}/ca.key \ | -CAkey ${cert_dir}/ca.key \ | ||||
-CAcreateserial \ | -CAcreateserial \ | ||||
-out ${base_dir}/${name}.cert \ | -out ${cert_dir}/${name}.cert \ | ||||
-days 28 \ | -days 28 \ | ||||
-extfile <(cat ${openssl_cnf} \ | -extfile <(cat ${openssl_cnf} \ | ||||
<(printf "[SAN]\nsubjectAltName=DNS:${name}")) \ | <(printf "[SAN]\nsubjectAltName=DNS:${name}")) \ | ||||
-extensions SAN | -extensions SAN | ||||
# 'cause java ... | # 'cause java ... | ||||
openssl pkcs8 \ | openssl pkcs8 \ | ||||
-topk8 \ | -topk8 \ | ||||
-inform pem \ | -inform pem \ | ||||
-in ${base_dir}/${name}.key \ | -in ${cert_dir}/${name}.key \ | ||||
-outform pem \ | -outform pem \ | ||||
-nocrypt \ | -nocrypt \ | ||||
-out ${base_dir}/${name}_p8.key | -out ${cert_dir}/${name}_p8.key | ||||
cat ${cert_dir}/${name}.cert \ | |||||
${cert_dir}/ca.cert > ${cert_dir}/${name}.chain.pem | |||||
chmod 644 ${cert_dir}/*.{cert,key,pem} | |||||
done | done |
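Review bot: The new `chmod 644 ${cert_dir}/*.{cert,key,pem}` at the end of the loop makes every private key in the directory world-readable, because `*.key` also matches `ca.key` and the `_p8.key` files. As far as this script shows, `ca.key` is only used here for signing, so the relaxed mode could be limited to public material with `chmod 644 "${cert_dir}"/*.{cert,pem}` while keys stay at `chmod 600 "${cert_dir}"/*.key` (or 640 with a shared group, if the containers must read the leaf keys). Separately, `export $(cat ${base_dir}/src/.env | xargs)` puts every variable from `.env` into the environment of the openssl child processes, and nothing stops the script when the file is missing or lacks `APP_DOMAIN`. In that case the brace expansion produces `admin.` and `meet.` as certificate names. Reading only that one variable and adding `: "${APP_DOMAIN:?not set in src/.env}"` before the loop would fail early instead.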