pkg-monitoring-plugins/plugins/tests/certs/generate-certs.sh


#!/bin/sh -e
#
# Recreates the https server certificates
#
# Set the GEN_EXPIRED environment variable to also regenerate
# the expired certificate.
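# Turn on errexit in the script body as well: the "-e" on the shebang line is
# not applied when the script is started as "sh generate-certs.sh". Without
# it, a failed cd would let the cleanup trap and the key generation below run
# in whatever directory the caller happened to be in.
set -e
# All keys, certificates and CSRs are read and written relative to the
# directory that holds this script. "--" keeps a path starting with "-" from
# being parsed as an option.
cd -- "$(dirname -- "$0")"
# On every exit path, delete the intermediate signing requests and the CA
# serial file. The "./" prefix stops a file name that begins with "-" from
# being interpreted by rm as an option.
trap 'rm -f ./*.csr clientca-cert.srl' EXIT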
#######################################
# Print the X.509 subject string (openssl -subj format) used for every
# test certificate.
# Arguments: $1 - optional suffix; when non-empty it is appended to the
#                 common name after a single space
# Outputs:   the subject string on stdout, without a trailing newline
# Note:      $1 is inserted verbatim. A "/" or "=" inside it would change
#            the structure of the subject, so pass fixed literals only.
#######################################
subj() {
  # Fixed distinguished-name fields shared by all generated certificates.
  emailAddress="devel@monitoring-plugins.org"
  o="Monitoring Plugins"
  l="Munich"
  st="Bavaria"
  c="DE"
  # ${1:+ $1} expands to " <suffix>" only when $1 is set and non-empty.
  cn="Monitoring Plugins${1:+ $1}"
  printf "/C=%s/ST=%s/L=%s/O=%s/CN=%s/emailAddress=%s" "$c" "$st" "$l" "$o" "$cn" "$emailAddress"
}
# Every private key below is written with -nodes, i.e. unencrypted. These are
# test fixtures only and must never be trusted or deployed outside the test
# suite. No key-size or digest options are passed, so both come from the
# defaults of the local OpenSSL installation.

# Server: self-signed certificate, valid for 3560 days from generation.
openssl req -new -x509 -days 3560 -nodes \
  -keyout server-key.pem \
  -out server-cert.pem \
  -subj "$(subj)"

# Server, expired: only regenerated when GEN_EXPIRED is non-empty. faketime
# pins the clock to 2008-01-01 12:00:00 UTC, so the one-day certificate is
# already expired and stays expired; regenerating it is rarely necessary.
if [ -n "$GEN_EXPIRED" ]; then
  TZ=UTC faketime -f '2008-01-01 12:00:00' \
    openssl req -new -x509 -days 1 -nodes \
    -keyout expired-key.pem \
    -out expired-cert.pem \
    -subj "$(subj)"
fi

# Client CA: self-signed root that signs all client certificates below.
openssl req -new -x509 -days 3560 -nodes \
  -keyout clientca-key.pem \
  -out clientca-cert.pem \
  -subj "$(subj ClientCA)"
# Seed the CA serial file; "openssl x509 -CA clientca-cert.pem" looks for
# clientca-cert.srl by default and increments it for each signed certificate.
printf '%s\n' "01" >clientca-cert.srl

# Client: create a key and CSR, then sign the CSR with the client CA.
openssl req -new -nodes \
  -keyout client-key.pem \
  -out client-cert.csr \
  -subj "$(subj Client)"
openssl x509 -days 3560 -req \
  -CA clientca-cert.pem -CAkey clientca-key.pem \
  -in client-cert.csr \
  -out client-cert.pem

# Client, intermediate: signed by the client CA with the "client_ca"
# extension section from ext.cnf (file not shown here; presumably it marks
# the certificate as a CA - confirm against ext.cnf).
openssl req -new -nodes \
  -keyout clientintermediate-key.pem \
  -out clientintermediate-cert.csr \
  -subj "$(subj ClientIntermediate)"
openssl x509 -days 3560 -req \
  -CA clientca-cert.pem -CAkey clientca-key.pem \
  -extfile ext.cnf -extensions client_ca \
  -in clientintermediate-cert.csr \
  -out clientintermediate-cert.pem

# Client, chain: leaf certificate followed by the intermediate in one file.
# NOTE(review): the leaf is signed with clientca-key.pem, not with the
# intermediate key, so the appended intermediate is not its issuer.
# Presumably the tests only need a file holding several certificates - confirm.
openssl req -new -nodes \
  -keyout clientchain-key.pem \
  -out clientchain-cert.csr \
  -subj "$(subj ClientChain)"
openssl x509 -days 3560 -req \
  -CA clientca-cert.pem -CAkey clientca-key.pem \
  -in clientchain-cert.csr \
  -out clientchain-cert.pem
cat clientintermediate-cert.pem >>clientchain-cert.pem