updated gencerts.sh

Erudika · Aug 22, 2021 · 5a6af9e · 5a6af9e
1 parent 8b356d8
commit 5a6af9e
Showing 1 changed file with 25 additions and 9 deletions.
diff --git a/gencerts.sh b/gencerts.sh
@@ -1,20 +1,31 @@
 #!/bin/bash
 
+NAME=$1 # Use your own domain name
+SECRET=$2 # Keystore password
+CAFILE=$3 # File name of the CA cert and key
+
+read -e -p "Certificate alias: " alias
+alias=$(echo "$alias" | awk '{print tolower($0)}')
 ######################
-# Become a Certificate Authority
+# Become a CA or use existing one
 ######################
 
-# Generate root certificate
-openssl req -x509 -new -nodes -sha256 -days 1024 -newkey rsa:2048 -keyout ParaRootCA.key -out ParaRootCA.pem -subj "/C=BG/CN=Para-Root-CA"
-# Create a Windows-compatible crt file
-openssl x509 -outform pem -in ParaRootCA.pem -out ParaRootCA.crt
+if [[ -z "$SECRET" ]]; then
+	SECRET="secret"
+fi
+
+if [[ -z "$CAFILE" ]]; then
+	CAFILE="${alias^}RootCA"
+	# Generate root certificate
+	openssl req -x509 -new -nodes -sha256 -days 1024 -newkey rsa:2048 -keyout $CAFILE.key -out $CAFILE.pem -subj "/C=BG/CN=$CAFILE"
+	# Create a Windows-compatible crt file
+	openssl x509 -outform pem -in $CAFILE.pem -out $CAFILE.crt
+fi
 
 ######################
 # Create CA-signed certs
 ######################
 
-NAME=$1 # Use your own domain name
-SECRET=$2
 # Create a certificate-signing request
 openssl req -new -nodes -newkey rsa:2048 -keyout $NAME.key -out $NAME.csr -subj "/C=BG/ST=EU/L=Sofia/O=Erudika/CN=$NAME"
 # Create a config file for the extensions
@@ -28,7 +39,7 @@ DNS.1 = $NAME # Be sure to include the domain name here because Common Name is n
 #IP.1 = 192.168.0.10 # Optionally, add an IP address (if the connection which you have planned requires it)
 EOF
 # Create the signed certificate
-openssl x509 -req -sha256 -days 1024 -in $NAME.csr -CA ParaRootCA.pem -CAkey ParaRootCA.key -CAcreateserial -extfile $NAME.ext -out $NAME.pem
+openssl x509 -req -sha256 -days 1024 -in $NAME.csr -CA $CAFILE.pem -CAkey $CAFILE.key -CAcreateserial -extfile $NAME.ext -out $NAME.pem
 # Create a Windows-compatible crt file
 openssl x509 -outform pem -in $NAME.pem -out $NAME.crt
 # Clean up
@@ -37,4 +48,9 @@ rm $NAME.csr $NAME.ext
 ######################
 # Create Java Keystore
 ######################
-openssl pkcs12 -export -out para.p12 -in $NAME.pem -inkey $NAME.key -name para -passin pass:$SECRET -passout pass:$SECRET
+openssl pkcs12 -export -out ${alias}-keystore.p12 -in $NAME.pem -inkey $NAME.key -name ${alias} -passin pass:$SECRET -passout pass:$SECRET
+
+######################
+# Create Java Truststore
+######################
+keytool -v -importcert -file $CAFILE.pem -alias root-ca -keystore ${alias}-truststore.p12 -storepass $SECRET -noprompt