aboutsummaryrefslogtreecommitdiff
path: root/scripts/generate-tls-ca.sh
diff options
context:
space:
mode:
Diffstat (limited to 'scripts/generate-tls-ca.sh')
-rwxr-xr-xscripts/generate-tls-ca.sh32
1 files changed, 32 insertions, 0 deletions
diff --git a/scripts/generate-tls-ca.sh b/scripts/generate-tls-ca.sh
new file mode 100755
index 000000000..9fe82b677
--- /dev/null
+++ b/scripts/generate-tls-ca.sh
@@ -0,0 +1,32 @@
+#!/usr/bin/env sh
+
+set -e
+
+OUTDIR="$(dirname ${0})"
+
+printf 'Output directory: %s\n' "${OUTDIR}"
+
+printf 'ca\ncert_signing_key' > template
+certtool --generate-privkey > "${OUTDIR}/ca-key.pem"
+certtool --generate-self-signed \
+ --template template \
+ --load-privkey "${OUTDIR}/ca-key.pem" \
+ --outfile "${OUTDIR}/ca-cert.pem"
+rm template
+
+printf 'expiration_days = 365' > template
+certtool --generate-crl --load-ca-privkey "${OUTDIR}/ca-key.pem" \
+ --template template \
+ --load-ca-certificate "${OUTDIR}/ca-cert.pem" \
+ --outfile "${OUTDIR}/crl.pem"
+rm template
+
+printf 'encryption_key\nsigning_key' > template
+certtool --generate-privkey > "${OUTDIR}/server-key.pem"
+certtool --generate-certificate \
+ --template template \
+ --load-privkey "${OUTDIR}/server-key.pem" \
+ --load-ca-certificate "${OUTDIR}/ca-cert.pem" \
+ --load-ca-privkey "${OUTDIR}/ca-key.pem" \
+ --outfile "${OUTDIR}/server-cert.pem"
+rm template
Powered by cgit, Themed by Ted Yin.