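#!/bin/bash
#
# Generates a private root CA and a webserver certificate signed by it,
# writing all files to the certs/ directory next to this script.
#
# Usage: gen-certs.sh <domain>

# Stop on the first failing command or unset variable, so a failed step is
# never followed by signing with missing or stale files.
set -euo pipefail

# The domain is pasted into the openssl -subj strings further down, where "/"
# starts a new name field and "=", "+" and "\" are syntax as well. Accept only
# characters that occur in host names, wildcard names and IP literals, so the
# argument cannot add or alter subject fields of the CA or server certificate.
# A missing argument fails the same test (the empty string does not match).
readonly domain_chars='^[A-Za-z0-9.*:_-]+$'
if [[ ! ${1:-} =~ $domain_chars ]]; then
  printf 'Usage: %s <domain>\n' "${0##*/}" >&2
  exit 2
fi

echo "Generating cert for domain: $1"

# Absolute path of the directory holding this script; every output path is
# built from it. An empty DIR would send the keys to /certs, so fail instead.
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" || {
  echo "Cannot determine the script directory" >&2
  exit 1
}

# openssl does not create missing directories for its -out files.
mkdir -p -- "${DIR}/certs"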

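echo "Generating root certificate..."
# NOTE(review): every run overwrites certs/root.key and certs/root.cert, so a
# board flashed with an earlier root certificate will not trust certificates
# issued after a re-run; confirm that this is intended.

# Generate the root CA private key on NIST P-256 (secp256r1). Any old key file
# is removed first and the umask is tightened in a subshell, so the new file is
# created owner-only whatever the caller's umask or the openssl version does.
rm -f -- "${DIR}/certs/root.key"
( umask 077 && openssl ecparam -out "${DIR}/certs/root.key" -name secp256r1 -genkey ) || {
  echo "Failed to generate the root private key" >&2
  exit 1
}

# Build a certificate request for the root from that key.
openssl req -new -key "${DIR}/certs/root.key" -nodes -out "${DIR}/certs/root.csr" \
    -subj "/C=US/ST=Washington/L=College Place/O=WWU/OU=$1 ROOT CA ISSUER/CN=$1" || {
  echo "Failed to create the root certificate request" >&2
  exit 1
}

# Now generate the root certificate good for 50 years (18250 days). The digest
# is pinned to SHA-256 rather than left to the openssl default.
# NOTE(review): no extensions are requested, so the result may lack
# basicConstraints CA:TRUE; verifiers that enforce it would reject the chain.
# NOTE(review): root.key stays unencrypted on disk and is the trust anchor for
# every board; consider keeping it offline once the server cert is signed.
openssl x509 -signkey "${DIR}/certs/root.key" -days 18250 -sha256 -req -in \
  "${DIR}/certs/root.csr" -out "${DIR}/certs/root.cert" || {
  echo "Failed to self-sign the root certificate" >&2
  exit 1
}

# Delete the certificate request; it is not needed once the cert exists.
rm -f -- "${DIR}/certs/root.csr"
echo "Root certificate generated."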

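echo "Generating webserver private key and certificate request..."
# Now generate a webserver certificate in the chain of the root.
# The private key (NIST P-256) is created under a tightened umask in a
# subshell, after removing any old file, so it is owner-only from the start.
rm -f -- "${DIR}/certs/webserver.key"
( umask 077 && openssl ecparam -out "${DIR}/certs/webserver.key" -name secp256r1 -genkey ) || {
  echo "Failed to generate the webserver private key" >&2
  exit 1
}

# NOTE(review): the request names the server by CN only; TLS clients that
# insist on a subjectAltName would reject the certificate. Confirm that the
# door controller's TLS stack matches on CN.
openssl req -new -key "${DIR}/certs/webserver.key" -nodes \
    -subj "/C=US/ST=Washington/L=College Place/O=WWU/CN=$1" \
    -out "${DIR}/certs/webserver.csr" || {
  echo "Failed to create the webserver certificate request" >&2
  exit 1
}

echo "Private key and certificate request generated. Signing certificate request with the CA cert..."
# Sign the certificate with the root CA, valid for 365 days. The digest is
# pinned to SHA-256 rather than left to the openssl default.
# NOTE(review): the serial is fixed at 01. That is unique only while each root
# signs a single certificate; if the root is ever reused, switch to a fresh
# serial per certificate.
openssl x509 -req -days 365 -sha256 -in "${DIR}/certs/webserver.csr" -CA "${DIR}/certs/root.cert" \
    -CAkey "${DIR}/certs/root.key" -set_serial 01 -out "${DIR}/certs/webserver.cert" || {
  echo "Failed to sign the webserver certificate" >&2
  exit 1
}

# The request is no longer needed once the certificate has been issued.
rm -f -- "${DIR}/certs/webserver.csr"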
# Closing instructions for the operator, one message per line.
# NOTE(review): "the public certificate" presumably means certs/root.cert, the
# trust anchor the board verifies the webserver against; confirm, and never
# copy either .key file to a board.
printf '%s\n' \
  "Request signed, you must copy the public certificate to the root directory of the door controller project when flashing a new board with then name \"doorcode_root_cert.pem\"" \
  "Done!"