cert-gen script echo specific message and exit on each openssl operation fail (#712)

Davit Abulashvili 2018-11-15 19:10:46 +04:00 committed by Josh Harvey
parent a377777b12
commit 9af204e609


@ -30,39 +30,57 @@ CA_KEY_PATH=$KEY_DIR/Lamassu_OP_Root_CA.key
CA_PATH=$CERT_DIR/Lamassu_OP_Root_CA.pem CA_PATH=$CERT_DIR/Lamassu_OP_Root_CA.pem
SERVER_KEY_PATH=$KEY_DIR/Lamassu_OP.key SERVER_KEY_PATH=$KEY_DIR/Lamassu_OP.key
SERVER_CERT_PATH=$CERT_DIR/Lamassu_OP.pem SERVER_CERT_PATH=$CERT_DIR/Lamassu_OP.pem
red=`tput setaf 1`
reset=`tput sgr0`
OPENSSL_ERROR_HINT="Make sure that you have installed openssl 1.0 version"
openssl genrsa \ print_error () {
-out $CA_KEY_PATH \ echo "${red}Error: ${reset} $1"
4096 >> $LOG_FILE 2>&1 echo $2 # hint
}
openssl req \ {
-x509 \ openssl genrsa \
-sha256 \ -out $CA_KEY_PATH \
-new \ 4096 >> $LOG_FILE 2>&1
-nodes \ } || { print_error "openssl genrsa to CA_KEY_PATH failed" "$OPENSSL_ERROR_HINT"; exit 1; }
-key $CA_KEY_PATH \
-days 3560 \
-out $CA_PATH \
-subj "/C=IS/ST=/L=Reykjavik/O=Lamassu Operator CA/CN=lamassu-operator.is" \
>> $LOG_FILE 2>&1
openssl genrsa \ {
-out $SERVER_KEY_PATH \ openssl req \
4096 >> $LOG_FILE 2>&1 -x509 \
-sha256 \
-new \
-nodes \
-key $CA_KEY_PATH \
-days 3560 \
-out $CA_PATH \
-subj "/C=IS/ST=/L=Reykjavik/O=Lamassu Operator CA/CN=lamassu-operator.is" \
>> $LOG_FILE 2>&1
} || { print_error "openssl req with CA_KEY_PATH failed" "$OPENSSL_ERROR_HINT"; exit 1; }
openssl req -new \ {
-key $SERVER_KEY_PATH \ openssl genrsa \
-out /tmp/Lamassu_OP.csr.pem \ -out $SERVER_KEY_PATH \
-subj "/C=IS/ST=/L=Reykjavik/O=Lamassu Operator/CN=$DOMAIN" \ 4096 >> $LOG_FILE 2>&1
>> $LOG_FILE 2>&1 } || { print_error "openssl genrsa SERVER_KEY_PATH failed" "$OPENSSL_ERROR_HINT"; exit 1; }
openssl x509 \ {
-req -in /tmp/Lamassu_OP.csr.pem \ openssl req -new \
-CA $CA_PATH \ -key $SERVER_KEY_PATH \
-CAkey $CA_KEY_PATH \ -out /tmp/Lamassu_OP.csr.pem \
-CAcreateserial \ -subj "/C=IS/ST=/L=Reykjavik/O=Lamassu Operator/CN=$DOMAIN" \
-out $SERVER_CERT_PATH \ >> $LOG_FILE 2>&1
-days 3650 >> $LOG_FILE 2>&1 } || { print_error "openssl req with SERVER_KEY_PATH failed" "$OPENSSL_ERROR_HINT"; exit 1; }
{
openssl x509 \
-req -in /tmp/Lamassu_OP.csr.pem \
-CA $CA_PATH \
-CAkey $CA_KEY_PATH \
-CAcreateserial \
-out $SERVER_CERT_PATH \
-days 3650 >> $LOG_FILE 2>&1
} || { print_error "openssl x509 failed" "$OPENSSL_ERROR_HINT"; exit 1; }
rm /tmp/Lamassu_OP.csr.pem rm /tmp/Lamassu_OP.csr.pem
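Review bot: The new `exit 1` on the `openssl x509` failure path leaves `/tmp/Lamassu_OP.csr.pem` behind, because the only cleanup is the `rm` on the last line of the hunk, which is reached only when every step succeeds. The CSR path is also a fixed name in a world-writable directory, so another local user can pre-create it or plant a symlink there before the script runs; this matters more if the script runs with elevated privileges, which is not visible here. I would create the file with `CSR_PATH=$(mktemp) || exit 1`, register `trap 'rm -f -- "$CSR_PATH"' EXIT` before the first openssl call, and use `"$CSR_PATH"` in the `req -new` and `x509 -req` steps. Separately, `print_error` writes to stdout and expands `$2` unquoted; `echo "$2" >&2` keeps diagnostics on stderr. Since the actual openssl output is redirected to `$LOG_FILE`, the hint should point the operator at that file instead of always suggesting an openssl version problem.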