submit/create-certs.sh

   1 #!/bin/bash
   2 # A script for creation of all the certificates used by submitd
   3 # (c) 2007 Martin Mares <mj@ucw.cz>
   4
   5 set -e
   6 if [ ! -f lib/ca-cert.tpl ] ; then
   7         echo >&2 "Please run from the MO root directory."
   8         exit 1
   9 fi
  10
  11 umask 033
  12 rm -rf certs
  13 mkdir certs
  14
  15 echo "### Creating CA certificate ###"
  16 bin/privkey >certs/ca-key.pem
  17 certtool --generate-self-signed --load-privkey certs/ca-key.pem --outfile certs/ca-cert.pem --template lib/ca-cert.tpl
  18
  19 echo "### Creating server certificate ###"
  20 bin/privkey >certs/server-key.pem
  21 certtool --generate-request --load-privkey certs/server-key.pem --outfile certs/server-req.pem --template lib/server-cert.tpl
  22 certtool --generate-certificate --load-request certs/server-req.pem --outfile certs/server-cert.pem --load-ca-certificate certs/ca-cert.pem --load-ca-privkey certs/ca-key.pem --template lib/server-cert.tpl
  23
  24 seq=1
  25 for user in `bin/mo-get-users` ; do
  26         seq=$(($seq+1))
  27         echo "### Creating certificate for user #$seq ($user) ###"
  28         sed <lib/client-cert.tpl >certs/$user-cert.tpl "s/cn = \".*\"/cn = \"$user\"/; s/serial = .*/serial = $seq/;"
  29         bin/privkey >certs/$user-key.pem
  30         certtool --generate-request --load-privkey certs/$user-key.pem --outfile certs/$user-req.pem --template certs/$user-cert.tpl
  31         certtool --generate-certificate --load-request certs/$user-req.pem --outfile certs/$user-cert.pem --load-ca-certificate certs/ca-cert.pem --load-ca-privkey certs/ca-key.pem --template certs/$user-cert.tpl
  32 done