script pour générer des certifs autosignés
parent
15db356544
commit
fda8ea4064
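--- a/script/self_signed/conf/_conf.sh
+++ b/script/self_signed/conf/_conf.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+CERTIFICATE_PATH="files"
+ROOT_CA_KEY="${CERTIFICATE_PATH}/rootCA.key"
+ROOT_CA_CRT="${CERTIFICATE_PATH}/rootCA.crt"
+TRAEFIK_DEST_CERT="../../roles/traefik/files/etc/certs/"
+LOCAL_KEY="${TRAEFIK_DEST_CERT}/local.fr.key"
+LOCAL_CRT="${TRAEFIK_DEST_CERT}/local.fr.crt"
+LOCAL_CSR="${TRAEFIK_DEST_CERT}/local.fr.csr"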
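Review bot: Every path in this file is relative to the caller's working directory (`files`, `../../roles/traefik/...`), so the generator only works when invoked from `script/self_signed/`; anchoring on the script location, e.g. `CERTIFICATE_PATH="${0%/*}/files"` (`$0` is the sourcing script when this file is `source`d), together with `source_defs "${0%/*}/conf/_conf.sh"` in selfsigned.sh, removes that assumption. `TRAEFIK_DEST_CERT` ends with a slash and the three lines below append another one, yielding `certs//local.fr.key`; dropping the trailing slash, `TRAEFIK_DEST_CERT="../../roles/traefik/files/etc/certs"`, keeps the paths clean. Note that `LOCAL_KEY` points the leaf private key straight into the Ansible role's `files/` directory, so it is presumably committed with the role; if that is not intended, that path belongs in `.gitignore` or the key should go through a vault.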
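--- a/script/self_signed/files/local.cnf
+++ b/script/self_signed/files/local.cnf
@@ -0,0 +1,12 @@
+[ req ]
+prompt = no
+distinguished_name = req_distinguished_name
+
+[ req_distinguished_name ]
+C = FR
+ST = France
+L = Toulouse
+O = local.fr
+OU = local
+CN = local
+emailAddress = local.fr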
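Review bot: `CN = local` does not name the host the certificate is issued for (`*.local.fr` in local.fr.v3.ext), and `emailAddress = local.fr` is not an e-mail address; clients that honour subjectAltName will ignore CN, but `CN = *.local.fr` avoids confusion when the certificate is inspected. `ST` is the state/province field, while `France` is the country already given by `C = FR`; either put the region there or drop the line.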
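--- a/script/self_signed/files/local.fr.v3.ext
+++ b/script/self_signed/files/local.fr.v3.ext
@@ -0,0 +1,7 @@
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = *.local.fr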
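Review bot: The wildcard `DNS.1 = *.local.fr` does not cover the apex name `local.fr` itself, so if Traefik also serves the bare domain add `DNS.2 = local.fr`. There is no `extendedKeyUsage`; some TLS clients (Apple platforms, as far as I recall) refuse server certificates without `extendedKeyUsage = serverAuth`, so it is worth adding. `nonRepudiation` and `dataEncipherment` are not used by a TLS server key; `keyUsage = digitalSignature, keyEncipherment` is the usual set.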
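--- a/script/self_signed/files/rootCA.crt
+++ b/script/self_signed/files/rootCA.crt
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFZTCCA02gAwIBAgIUATlkPDpIjH7jaqObcTtQNMHtNt4wDQYJKoZIhvcNAQEL
+BQAwQjELMAkGA1UEBhMCRlIxFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoGA1UE
+CgwTRGVmYXVsdCBDb21wYW55IEx0ZDAeFw0yMjEwMDgxNTA5MTBaFw0yNTA3Mjgx
+NTA5MTBaMEIxCzAJBgNVBAYTAkZSMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAa
+BgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQwggIiMA0GCSqGSIb3DQEBAQUAA4IC
+DwAwggIKAoICAQDcmqdBzfvljjqp/80+7Uzb8lZ9xJeJTsWcDddHVlT/XzW9nUO8
+PMjdef39aMLXzO3tsMCoJ+ch9E9zKYi37usizoec5tj3IYLganlJykYgJPeT8SKr
+mxv2lJbtsllUpB3+surv0NvCMOK5r8GNSOKU/pB3+MD2o23JR1XkBoSXDubU3Dtv
+ealann/zUNFrolFOPDxzBD5U0x8SOD+s7ZdLjlpz7kqLOWrL0DHrBRmpvCAJNQLU
+mWH87kaALstvTR47be0X5+YOwcys3k26vQCxoDXtV0PaRrJCc1CLDllGmeI8mxLa
+hs7EkkpndkmnMFNK8YQVyeWJQ70+m+fa07AdH7ZFztMf1lk06Z0i1LfMYpZ+pWYi
+w2BDebAmYc5Y7E32jQTlixZrrq2lmDrsBZLdwv7FjAUv3sM4w9ynjRJ49dmoxTwq
++78rHWhr6HzH2Gvv41Hajdr0caBJAlLaVya9UL7FbTmHku91BGQ3vxjS16c0oXMd
+tBabCf5Uk7CFZYu0icLDRq1I+C7nOyggPuB5wWHH6h/AVQA/s5BYhqgfb7S0kegp
+DHjjur7yhMTv5j3iJpM9n9qPiXGT0Jo6nqeIXO8z/FuRSBUd3Q649ceSlEFBnGyu
+EmnRcnozSqszwNJa90ipsGRU1M7ArUk5GTQvToooqRCTsj8F8r5yXAkv1QIDAQAB
+o1MwUTAdBgNVHQ4EFgQUZEj1ZQDuf7yPxxLCp0JqiSOM7oUwHwYDVR0jBBgwFoAU
+ZEj1ZQDuf7yPxxLCp0JqiSOM7oUwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
+AQsFAAOCAgEAW+lZATkVFybRHLtBx+02pHNJ8H7HYA/4+kMu7AaqENKn/pmryy6N
+UJ61CKcY/UXUPNeAysa4Q+6/JDCXOIQSLlPuxlMimq2kpOiGOzEtzWG2MqTOK1hk
+vkJweXxrh1AVYSBLVOGl2DrgKILPIVwvMFQjMQAz4QKMz6C0sNQ52Pth2sEQtmnx
+1mY0c4b3MfnDtrEQIQqjydjqjUZ26Q1xq34uGCZchXKCax9H1QwPHusF0BvRJyJU
+AT/QSBXoz1qS98uwQ6dkm/LBfUSjx4OKC7Eiauo9FspUDBoRvK1tM4smJxdGay9l
+z7fAZ082lHGaByyOEk2wopsEXfwxUXv+ZYx+9zFKZthP1Tnc+jyHwFAyMm2WP/T4
+y3dEraTeNKx4VqhRBdGmygYVxuiCP9a+Yks9ZU6xBGgvJmOiMmL2ZJ6UBa77xnld
+v1864p4P4Dw3y2mZwmAElmABuKVvW2OblOSG+m75735s62cQFfD0O/28S0gEAqYO
+z6wiJ1hLlR4ssjhzlk8ZnS74SsCLnrtwvV+jOsOSxQLxcVxvZsgEPjY2vF/nU73Y
+e2XhlxpK9uzB2vEPr/K3Bc1Lm8BV0JfOtWsou1UkYl7M8yQ1FkXu2afWeuGWMMvb
+O5u8ZUg9lEE9sq/vP9ChKyhJHRpSfNPd7pPxh6cA5NZBYxHmQ0TmVUM=
+-----END CERTIFICATE-----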
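--- a/script/self_signed/files/rootCA.key
+++ b/script/self_signed/files/rootCA.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQDcmqdBzfvljjqp
+/80+7Uzb8lZ9xJeJTsWcDddHVlT/XzW9nUO8PMjdef39aMLXzO3tsMCoJ+ch9E9z
+KYi37usizoec5tj3IYLganlJykYgJPeT8SKrmxv2lJbtsllUpB3+surv0NvCMOK5
+r8GNSOKU/pB3+MD2o23JR1XkBoSXDubU3Dtvealann/zUNFrolFOPDxzBD5U0x8S
+OD+s7ZdLjlpz7kqLOWrL0DHrBRmpvCAJNQLUmWH87kaALstvTR47be0X5+YOwcys
+3k26vQCxoDXtV0PaRrJCc1CLDllGmeI8mxLahs7EkkpndkmnMFNK8YQVyeWJQ70+
+m+fa07AdH7ZFztMf1lk06Z0i1LfMYpZ+pWYiw2BDebAmYc5Y7E32jQTlixZrrq2l
+mDrsBZLdwv7FjAUv3sM4w9ynjRJ49dmoxTwq+78rHWhr6HzH2Gvv41Hajdr0caBJ
+AlLaVya9UL7FbTmHku91BGQ3vxjS16c0oXMdtBabCf5Uk7CFZYu0icLDRq1I+C7n
+OyggPuB5wWHH6h/AVQA/s5BYhqgfb7S0kegpDHjjur7yhMTv5j3iJpM9n9qPiXGT
+0Jo6nqeIXO8z/FuRSBUd3Q649ceSlEFBnGyuEmnRcnozSqszwNJa90ipsGRU1M7A
+rUk5GTQvToooqRCTsj8F8r5yXAkv1QIDAQABAoICAAfsou3JX+85jOBBbkErQLO1
+QKfI5uae8UNEo1iOgIQh3+on8DXJUIUq1isDAd4YSu2wXTiid6TabqYvi5fhLwoe
+NXSMkvuhn7QUWbdYWuzZrG5giZh00cF+9JhPlpzkk6fsC7tsmxBJNZkU9/9tavzj
+fhNeg1P4v+oB3tMk7CC0VNS4SobxGFpxz3J76IyUv+tEXP7cBqnWYaCDwRR4U73P
+kcPl/0CBYgA17NfJOZ2awo3Xcnq/kxZaWtGiR1rVVYIuAIfMzpCgzouL0BVRUmk5
+sjuMgxqf/Smc6dDs8DEJ4xIT7KPz7BEsmMae/aX8pZP6GVQNChVEXSkWwZ00iyLC
+QbC+68sbExlBTF/3Cs+XTdky9xn0JISO9v0vgFbqON7oeEpvrRl/1v/uJ4B0jnAQ
+yHRetFey9f4yTzBe58p17qJTuYpo40xUGdoV5448Yeb/bp5tdVkCEKxajMB5h1l3
+FC7bzmwtdNqH18UOK/M51HJy/ljLQJlj/cGZFnKbhf4v1mlifDwzg78HvBKtv6hZ
+Tsz8o8NA0eCxfBhmsTOvNk5WZsJaD1wt6c0W7eeaxkUm+KMDg7vuNdnXnG7QjJIh
+bVgXqORNg8ldA7kNkEnRwHMefsQ5mz3I7FQGNH0Og0WOaad0CTIw16ucK0/KngVI
+gALWBMANbnaqGIJglVNxAoIBAQD6XSBiT8rHLmhDEi+FjDm6K/U4o/gPdMvODgyz
+qxGrGBTthvx0dbgdWE2GzyoS7OT7lf0k8lpCL2gVnSWvyjcsXsMvAwKNgH8Lb/Hw
+CCrfrqQKPabYOE5c1+HVi8BGYLmmwKsywLxpjyYMig8RATdAVOCIIa7C77zNHWVQ
+bnp9fQsBEG9h31/YE9tg81VvjeYhOnGdCqvN2TshFCijZgW/ZZsW6YvZul+em9WZ
+jSbHhowNhvgawouhnJs9ThtZ2LRqAa1f3/IBzU+vzAxhpvsAz7atFepr8i9jd3Ii
+aZns1t03zK4Uv3I4SSAGmf8gqVqhmujW29iQw7cWxph7Wyw5AoIBAQDhkgTJ61el
+rpjF5q7dRI0eGec8euBQXkv1HtSqXYT/AlKkkCKeAmNk6WxQVhsTJ/YSlcSPqoYW
+VLoVYq8ulisEbUHxgnRXXjPK+lKrDRekEVTo6BFEBeF27A/B2nk9ZUBjCiAaCSb0
+RRHVQdtVaVJJJw33RHGKgnyqxBb9OOex5GSAGFvztQ+FWfezX6WDHHv+7ORKSEFu
+EqUqNIBYPJqmSZpDsCV0h238tmMtn94R4UPNfoa2lNKGJldwofcJI23I5rosXsXj
+ejifNtBS8/KSWE9nZ26zA0DS/YEakkKPtdDA5Km0HPxX2PdkMkjbukWVy2sGd0Yx
+nDXqEVq12Vh9AoIBAC1Lxf0jdIt+0Ow5kRF3YkZVh6M8vzeEqQ7ZqeCjtamfzMGA
+p5Imbi4Y+MXIG1ObOn5uD4OsuTm6O/mVGelpC3xilKufvsl9Ev8tvLbxs1gOz6zu
+pI3/+eWARWKOSzYwb8ZEm3SuPChY9shT/g/UiXuBH7Jhba3lE+KES/02T8D+a4xA
+vfYWJNACH7G1tKJfKOCgI0gHUzgF8lW0wPl3Dtkm9904Wc4FkyEuDoIecIKuzA3y
+elbVFdAidk+sHvStaU64iPaMnMtIqv8iSqcsP8NQ0TsVePkYswwq4yJouqmH4jQj
+OueUD4UxbbLkD62IFlagoTmmQtNGJYzgV1wSDbkCggEAEuf/OMFd/kgNDAFSxL77
+KPu40uvlozbUHP5xirn97LXQIXTnQeEnXYznBDDDYi6mRFaDPBtp07NUSXiVAE2b
+22og7dImWDBQHQIwLaASTDEbsc3JrK7lf+c3RuM96DR1Whe+KxB7UFv9q6cycA08
+1V7Nn9z/u0FGm7WFy8GaQeHHvqjMBDg3zdCFn2Yz5DJd/jbyx3sY6NXtPAVcgIjL
+2YYvxN6dtQ+o21aaJ3fP0CXWXgHt3p3Iq2/JQmqA3yY2DHGyRwfGhFN5LXcVrO4/
+dZ6rQRp9P8nVBBo1WPnLVGpDzfccdjk7uU05Jw/D5Y7OSEjddpRGsN/L8Qt1U+qc
+rQKCAQAaKqbkfnf7JtEpcynxYNwMpxzlGP24kK/POZMBzW9RpERlTtH5pWhlj7OJ
+WxSkL7FBq//Tpju9gW/lFeLJWPoEykrW8ETLznlkEHZM2LocNHNQeCJcyStGFgsg
+y2Iw2sEJt5I/cVu1LYFfTrD1Ho+gjIunLqOHR5KcFeiZm83QwUuEt4d0hH7S6ay2
+4hrmSy2J3sNsl7d6Q7lmN2Z1Q8XoJqds16UOzm6qw0KuYs8L60AdvG3nsoI1dTmC
+lFLd4QvIuDoN4rq4pB26efg2JmZtA5m/WpU2VJsHNiBFp29R6EWJdH37mhH0rIWw
+lVPNis5NWoqUCgec9+i8AD/sLAcV
+-----END PRIVATE KEY-----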
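Review bot: `script/self_signed/files/rootCA.key` is the root CA's private key and must not live in the repository: anyone with read access can issue certificates for `*.local.fr` (or any other name) that every machine trusting `rootCA.crt` will accept, and the key is stored unencrypted (a plain `BEGIN PRIVATE KEY` block, as produced by the script's `openssl genrsa -out "${ROOT_CA_KEY}" 4096` with no cipher option). Because the key is now in history, treat this CA as compromised: remove the file from the tree, add `script/self_signed/files/rootCA.key` to `.gitignore`, regenerate the CA with `selfsigned.sh -g`, and redistribute the new `rootCA.crt` to the clients that trust it. Keeping only `rootCA.crt` under version control is fine, since that is the public half.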
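--- a/script/self_signed/selfsigned.sh
+++ b/script/self_signed/selfsigned.sh
@@ -0,0 +1,127 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+
+#/ Usage: selfsigned.sh
+#/ Version: 1.0
+#/ Description: Script de génération automatique de certificat
+#/ Examples:
+#/ selfsigned.sh
+
+#/
+#/ Options:
+#/ -h|--help : Display this help message
+#/ -g|--generate-rootca : regenerate root ca, if present clean it
+#/ -v|--verbose : verbose mode default: false
+
+
+
+
+function usage() { grep '^#/' "$0" | cut -c4- ; exit 0 ; }
+
+#######################################################
+## LOGGING FRAMEWORK
+readonly NORMAL="\\e[0m"
+readonly RED="\\e[1;31m"
+readonly BOLD="\\e[1m"
+readonly YELLOW="\\e[1;33m"
+readonly GREEN="\\e[32m"
+readonly DIM="\\e[2m"
+LOG_FILE="/tmp/$(basename "$0").log"; readonly LOG_FILE
+function log() {
+( flock -n 200
+color="$1"; level="$2"; message="$3"
+printf "${color}%-9s %s\\e[m\\n" "[${level}]" "$message" | tee -a "$LOG_FILE" >&2
+) 200>"/var/lock/.$(basename "$0").log.lock"
+}
+function debug() { if [ "$verbose" = true ]; then log "$DIM" "DEBUG " "$*"; fi }
+function info() { log "$NORMAL" "INFO " "$*"; }
+function important() { log "$YELLOW" "IMPORTANT " "$*"; }
+function warn() { log "$YELLOW" "WARNING" "$*"; }
+function error() { log "$RED" "ERROR " "$*"; }
+function fatal() { log "$RED" "FATAL " "$*"; exit 1 ; }
+function source_defs {
+resource=$1
+if [ -f "$resource" ]; then
+# shellcheck source=_functions.sh
+# shellcheck disable=SC1091
+source "$resource"
+else
+# shellcheck source=_functions.sh
+# shellcheck disable=SC1091
+source "${0%/*}/.irun-resources/$resource"
+fi
+}
+
+#######################################################
+
+function cleanup() {
+# Remove temporary files
+# Restart services
+# ...
+return
+}
+
+function check_prerequisites() {
+if ! command -v openssl > /dev/null; then
+echo "Missing openssl: install it "
+return
+fi
+}
+
+function cleaning_files() {
+local files; files="$1"
+if [[ -f "${files}" ]]; then
+debug "${files} exists."
+info "cleaning..${files}"
+rm -f "${files}"
+else
+info "${files} doesn't exist no need clean"
+fi
+}
+
+if [[ "${BASH_SOURCE[0]}" = "$0" ]]; then
+trap cleanup EXIT
+
+# Parse command line arguments
+# All entry parameters quand be used globally
+POSITIONAL=()
+verbose=false
+generate_root_ca=false
+while [[ $# -gt 0 ]]; do
+key="$1"
+case $key in
+-h|--help)
+usage
+;;
+-v|--verbose)
+declare -r verbose=true
+shift
+;;
+-g|--generate-rootca)
+declare -r generate_root_ca=true
+shift
+;;
+*) # unknown option
+POSITIONAL+=("$1") # save it in an array for later
+shift # past argument
+;;
+esac
+done
+set -- "${POSITIONAL[@]}" # restore positional parameters
+
+source_defs conf/_conf.sh
+check_prerequisites
+if [ "${generate_root_ca}" = "true" ]; then
+cleaning_files "${ROOT_CA_KEY}"
+cleaning_files "${ROOT_CA_CRT}"
+openssl genrsa -out "${ROOT_CA_KEY}" 4096
+openssl req -x509 -new -nodes -key "${ROOT_CA_KEY}" -sha256 -days 1024 -out "${ROOT_CA_CRT}"
+openssl genrsa -out "${LOCAL_KEY}"
+fi
+openssl genrsa -out "${LOCAL_KEY}"
+openssl req -config "${CERTIFICATE_PATH}/local.cnf" -new -key "${LOCAL_KEY}" -out "${LOCAL_CSR}"
+openssl x509 -req -in "${LOCAL_CSR}" \
+-CA "${ROOT_CA_CRT}" -CAkey "${ROOT_CA_KEY}" -CAcreateserial \
+-out "${LOCAL_CRT}" -extfile "${CERTIFICATE_PATH}/local.fr.v3.ext" -days 365 -sha256
+fi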
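Review bot: The log is appended to at a predictable, shared-writable path (`LOG_FILE="/tmp/$(basename "$0").log"` with `tee -a`), so another local user can pre-create or symlink that file, and the lock is taken under `/var/lock`, which an unprivileged user usually cannot write; when that `200>` redirection fails the `log` subshell returns non-zero and `set -e` presumably aborts the script on the first `info` call with no message. Creating the log with `mktemp` and keeping the lock next to it avoids both: `LOG_FILE=$(mktemp "${TMPDIR:-/tmp}/${0##*/}.XXXXXX") || exit 1; readonly LOG_FILE` and `) 200>"${LOG_FILE}.lock"`. Separately, `check_prerequisites` only prints a message and returns 0 when openssl is missing, so the run continues until the first `openssl genrsa` fails; `fatal "Missing openssl: install it"` states the intent and exits. `set -- "${POSITIONAL[@]}"` under `set -u` raises "unbound variable" on bash older than 4.4 when no positional argument was given; `set -- ${POSITIONAL[@]+"${POSITIONAL[@]}"}` is the usual guard. The `openssl genrsa -out "${LOCAL_KEY}"` inside the `-g` branch is repeated unconditionally right after the `fi` and can be dropped.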