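#!/bin/sh
# A script for creation of all the certificates used by submitd
# (c) 2007 Martin Mares <mj@ucw.cz>
#
# Must be run from the MO root directory. Wipes and recreates certs/, then
# writes into it: a self-signed CA (ca-key.pem, ca-cert.pem), a server key,
# request and certificate signed by that CA, and one template, key, request
# and certificate for every user name printed by bin/mo-get-users.

set -e
if [ ! -f submit/ca-cert.tpl ] ; then
        echo >&2 "Please run from the MO root directory."
        exit 1
fi

# NOTE(review): umask 033 leaves files created by shell redirection (every
# *-key.pem below) at mode 0644 and certs/ at 0744. Group and others lack the
# search bit on certs/, and that alone keeps them from opening the keys; the
# keys become readable by other local users if certs/ is re-permissioned or
# the files are copied elsewhere with their modes preserved. Consider a
# tighter umask for the key files.
umask 033
# The previous certs/ tree, including the old CA key, is removed before
# anything new exists; a failure further down leaves a partial directory.
rm -rf certs
mkdir certs

echo "### Creating CA certificate ###"
submit/privkey >certs/ca-key.pem
certtool --generate-self-signed --load-privkey certs/ca-key.pem --outfile certs/ca-cert.pem --template submit/ca-cert.tpl

echo "### Creating server certificate ###"
submit/privkey >certs/server-key.pem
certtool --generate-request --load-privkey certs/server-key.pem --outfile certs/server-req.pem --template submit/server-cert.tpl
certtool --generate-certificate --load-request certs/server-req.pem --outfile certs/server-cert.pem --load-ca-certificate certs/ca-cert.pem --load-ca-privkey certs/ca-key.pem --template submit/server-cert.tpl

# Fetch the user list up front: a command substitution placed directly in the
# `for` word list would hide a failure of bin/mo-get-users from `set -e`, and
# the script would finish "successfully" without any user certificates.
users=$(bin/mo-get-users)

# seq is incremented before it is used, so the first user gets serial 2.
seq=1
for user in $users ; do
        # The name is pasted into a sed replacement, a quoted template value
        # and file names under certs/. Reject the characters that would
        # change the meaning of any of those instead of silently writing a
        # corrupted template or a file outside certs/.
        case $user in
                */* | *\"* | *\&* | *\\*)
                        echo >&2 "Refusing user name with unsafe characters: $user"
                        exit 1
                        ;;
        esac
        seq=$((seq + 1))
        echo "### Creating certificate for user #$seq ($user) ###"
        # Per-user template: the client template with cn and serial replaced.
        sed <submit/client-cert.tpl >"certs/$user-cert.tpl" "s/cn = \".*\"/cn = \"$user\"/; s/serial = .*/serial = $seq/;"
        submit/privkey >"certs/$user-key.pem"
        certtool --generate-request --load-privkey "certs/$user-key.pem" --outfile "certs/$user-req.pem" --template "certs/$user-cert.tpl"
        certtool --generate-certificate --load-request "certs/$user-req.pem" --outfile "certs/$user-cert.pem" --load-ca-certificate certs/ca-cert.pem --load-ca-privkey certs/ca-key.pem --template "certs/$user-cert.tpl"
done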