
     1  #!/bin/bash
     2  # Copyright 2021 VMware, Inc. All Rights Reserved.
     3  #
     4  
     5  COLOR_RESET="\033[0m"
     6  COLOR_RED="\033[38;5;9m"
     7  COLOR_LIGHTCYAN="\033[1;36m"
     8  COLOR_LIGHTGREEN="\033[1;32m"
     9  
    10  ROOT=$(cd $(dirname $0)/.. ; pwd)
    11  CERT_OUTPUT_DIR=${ROOT}/cert
    12  
    13  RSA_KEYSIZE=${RSA_KEYSIZE:-2048}
    14  CA_CERT_NAME=${CA_CERT_NAME:-ca.crt}
    15  CA_KEY_NAME=${CA_KEY_NAME:-ca.key}
    16  SERVER_CSR_NAME=${SERVER_CSR_NAME:-server.csr}
    17  SERVER_CERT_NAME=${SERVER_CERT_NAME:-server.crt}
    18  SERVER_KEY_NAME=${SERVER_KEY_NAME:-server.key}
    19  FULLCHAIN_NAME=${FULLCHAIN_NAME:-fullchain.pem}
    20  
#######################################
# Print a red "ERROR:" line on stderr and stop the script.
# Globals:   COLOR_RED, COLOR_RESET (read)
# Arguments: $1 - message text (backslash escapes are expanded, as with echo -e)
# Outputs:   coloured message on stderr
# Returns:   never; exits with status 1
#######################################
error() {
  local message=$1
  printf '%b\n' "${COLOR_RED}ERROR: ${message}${COLOR_RESET}" 1>&2
  exit 1
}
    25  
#######################################
# Print a red "WARNING:" line on stdout; execution continues.
# Globals:   COLOR_RED, COLOR_RESET (read)
# Arguments: $1 - message text (backslash escapes are expanded, as with echo -e)
# Outputs:   coloured message on stdout
#######################################
warn() {
  local message=$1
  printf '%b\n' "${COLOR_RED}WARNING: ${message}${COLOR_RESET}"
}
    29  
#######################################
# Print an informational line in light cyan on stdout.
# Globals:   COLOR_LIGHTCYAN, COLOR_RESET (read)
# Arguments: $1 - message text (backslash escapes are expanded, as with echo -e)
# Outputs:   coloured message on stdout
#######################################
info() {
  local message=$1
  printf '%b\n' "${COLOR_LIGHTCYAN}${message}${COLOR_RESET}"
}
    33  
#######################################
# Print a success line in light green on stdout.
# Globals:   COLOR_LIGHTGREEN, COLOR_RESET (read)
# Arguments: $1 - message text (backslash escapes are expanded, as with echo -e)
# Outputs:   coloured message on stdout
#######################################
success() {
  local message=$1
  printf '%b\n' "${COLOR_LIGHTGREEN}${message}${COLOR_RESET}"
}
    37  
#######################################
# Signal handler installed for SIGINT/SIGTERM: report and abort.
# Outputs:   "interrupted" on stderr
# Returns:   never; exits with status 1
#######################################
_trap() {
  printf '%s\n' "interrupted" 1>&2
  exit 1
}
    42  
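# Abort cleanly if the user interrupts a run (partial output may remain).
trap '_trap' SIGINT SIGTERM

# check for OpenSSL library: actually run it rather than only locating the
# binary, so a present-but-broken install is reported too. Testing the
# command's status directly replaces the earlier subshell/echo $? round-trip.
if ! openssl version >/dev/null 2>&1; then
  error "OpenSSL not installed"
fi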
    49  
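# Create the output directory and the self-signed CA (key + certificate).
# A failed mkdir was previously ignored and surfaced later as an openssl
# error on the first -out path; report it here instead.
mkdir -p -- "${CERT_OUTPUT_DIR}" || error "Failed to create ${CERT_OUTPUT_DIR}"
info "Generating a new RSA key"
# This private key signs the server certificate below; only the CA
# certificate (not this key) should be handed to clients that need to trust it.
openssl genrsa -out "${CERT_OUTPUT_DIR}/${CA_KEY_NAME}" "${RSA_KEYSIZE}" \
  || error "Failed to generate key"
info "Generating a new CA certificate"
# Self-signed (-x509) CA certificate. Validity defaults to 365 days and can
# be overridden with CERT_DAYS; the subject is a placeholder for local use.
openssl req -new \
            -x509 \
            -key "${CERT_OUTPUT_DIR}/${CA_KEY_NAME}" \
            -out "${CERT_OUTPUT_DIR}/${CA_CERT_NAME}" \
            -days "${CERT_DAYS:-365}" \
            -subj "/C=US/ST=California/O=Your Company/OU=Your Organization/CN=CA" \
  || error "Failed to generate certificate"
success "OK"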
    67  
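echo
info "Generating a new certificate signing request"
# Generate the server key and CSR in one step. -nodes leaves the server key
# unencrypted so a server can load it without a passphrase prompt; the
# CN=localhost subject marks this as a local-development certificate.
openssl req -newkey "rsa:${RSA_KEYSIZE}" \
            -keyout "${CERT_OUTPUT_DIR}/${SERVER_KEY_NAME}" \
            -out "${CERT_OUTPUT_DIR}/${SERVER_CSR_NAME}" \
            -subj "/C=US/ST=California/O=Your Company/OU=Your Organization/CN=localhost" \
            -nodes \
  || error "Failed to generate certificate signing request"
success "OK"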
    79  
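echo
info "Signing certificate"
# Issue the server certificate from the CSR using the CA created above.
# The subjectAltName extension matters: most modern TLS clients match the
# host name against the SAN list and ignore the CN, so a cert without it is
# rejected for "localhost". Validity mirrors the CA cert (CERT_DAYS, default
# 365). -CAcreateserial creates the serial-number file next to the CA cert
# on first use.
openssl x509 -req \
             -days "${CERT_DAYS:-365}" \
             -sha256 \
             -in "${CERT_OUTPUT_DIR}/${SERVER_CSR_NAME}" \
             -out "${CERT_OUTPUT_DIR}/${SERVER_CERT_NAME}" \
             -extfile <(printf 'subjectAltName=DNS:localhost') \
             -CA "${CERT_OUTPUT_DIR}/${CA_CERT_NAME}" \
             -CAkey "${CERT_OUTPUT_DIR}/${CA_KEY_NAME}" \
             -CAcreateserial \
  || error "Failed to sign certificate"
success "OK"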
    95  
    96  echo
    97  info "Creating a certificates chain"
    98  cat ${CERT_OUTPUT_DIR}/${SERVER_CERT_NAME} > ${CERT_OUTPUT_DIR}/${FULLCHAIN_NAME}
    99  cat ${CERT_OUTPUT_DIR}/${CA_CERT_NAME} >> ${CERT_OUTPUT_DIR}/${FULLCHAIN_NAME}
   100  success "Done"