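#!/bin/sh

#
# generate a self-signed certificate
#
# Usage: pass the hostname for the certificate as the first parameter.
#
# Reads the OpenSSL configuration template /etc/selfsigned.cnf, replaces the
# {CERT_HOSTNAME} placeholder with the supplied hostname and writes
# 'fullchain.pem', 'privkey.pem' and 'chain.pem' to /certs.
#

# check for null hostname
if [ -z "$1" ]; then
  printf "\nPlease supply a hostname for the generated certificate as a parameter to this script. Exiting.\n\n"
  exit 1
fi

# The hostname is pasted into a sed replacement and from there into the
# OpenSSL configuration. Accept only characters that are inert in both places,
# so '/', '&', '\', whitespace and newlines can neither break the substitution
# nor add extra lines to the configuration.
case "$1" in
  *[!A-Za-z0-9._*-]*)
    printf "\nThe supplied hostname may only contain letters, digits, '.', '-', '_' and '*'. Exiting.\n\n"
    exit 1
    ;;
esac

# update openssl configuration file
# Write it to a private, unpredictably named temporary file instead of a fixed
# path in /tmp, and remove it again on every exit path.
if ! cnf=$(mktemp); then
  printf "\nUnable to create a temporary OpenSSL configuration file.\n\n"
  exit 3
fi
trap 'rm -f -- "$cnf"' EXIT

if ! sed -e "s/{CERT_HOSTNAME}/$1/" /etc/selfsigned.cnf > "$cnf"; then
  printf "\nUnable to prepare the OpenSSL configuration from '/etc/selfsigned.cnf'.\n\n"
  exit 3
fi

printf "\nGenerating self-signed certificate for '%s':\n" "$1"

# create placeholder files to set permissions
# The braces matter: '! touch ... && chmod ...' negates only the touch, so a
# failed touch would not reach the error branch.
if ! { touch /certs/fullchain.pem && chmod 644 /certs/fullchain.pem; }; then
  printf "\nUnable to write to '/certs', is it mounted writable by this container?\n\n"
  exit 2
fi

# The private key placeholder is created under a restrictive umask (in a
# subshell, so the other files are unaffected) so that it is never readable by
# others, not even for the moment before chmod runs.
if ! { (umask 077 && touch /certs/privkey.pem) && chmod 640 /certs/privkey.pem; }; then
  printf "\nUnable to write to '/certs', is it mounted writable by this container?\n\n"
  exit 2
fi

# generate certificate
# NOTE: '-nodes' stores the private key unencrypted; the file mode set above
# is the only protection for /certs/privkey.pem.
if ! openssl req -new -x509 -days 365 -nodes -out /certs/fullchain.pem -keyout /certs/privkey.pem -config "$cnf"; then
  printf "\nUnable to generate certificate. Is the '/certs' directory writable by this container?\n\n"
  exit 3
fi

# a self-signed certificate is its own chain
if ! cp /certs/fullchain.pem /certs/chain.pem; then
  printf "\nUnable to write to '/certs', is it mounted writable by this container?\n\n"
  exit 2
fi

# print user notification
printf "\n\nA self-signed certificate has been generated and saved in the location mounted to '/certs' in this container.\n"
printf "The certificate and private key are PEM formatted with names 'fullchain.pem' and 'privkey.pem', respectively.\n"
printf "Remember to import 'fullchain.pem' to the trusted store on any client machines or you will get warnings.\n\n"

# exit gracefully
exit 0

#
# exit codes
# 0: normal exit, no errors
# 1: invalid or missing parameters
# 2: unable to write to certs directory
# 3: unable to generate certificate (or to prepare its configuration)

#EOF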