
regen-certs

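#!/bin/bash
#
# regen-certs: (re)generate the CA and per-host TLS material in docker/certs,
# located under the parent of the directory that contains this script.
#
# Outputs, all written to ${base_dir}:
#   ca.key / ca.cert         self-signed CA; the key is created only if it is
#                            missing, so an existing CA is reused across runs
#   <name>.key / .csr / .cert  4096-bit RSA key, CSR and CA-signed certificate
#                            for each host name in the loop below
#   <name>_p8.key            unencrypted PKCS#8 copy of the host key
#
# The host certificates are issued for 28 days, so the script has to be
# re-run to renew them; every run replaces the host keys as well.
#
# NOTE(review): every private key here is written unencrypted (genrsa without
# a cipher, -nodes, -nocrypt) and with whatever mode the caller's umask gives.
# Restrict the modes (or run under a tighter umask) if the consumers allow it.
# NOTE(review): ca.key sits in the same directory as the host certificates.
# If that directory is handed to containers as a whole, the CA private key
# goes with it -- confirm only the host material is exposed.

# Stop at the first failing command: without this a failed genrsa/req would
# still be followed by the signing step, working on stale or missing files.
set -euo pipefail

base_dir=$(dirname -- "$(dirname -- "$0")")
base_dir="${base_dir}/docker/certs"

# mkdir -p is a no-op when the directory already exists.
mkdir -p -- "${base_dir}"

# Create the CA key when it is missing. The CA certificate is (re)issued when
# the key was just created or when the certificate file itself is missing;
# the latter case previously left the signing step below without a CA cert.
ca_key_created=0
if [[ ! -f "${base_dir}/ca.key" ]]; then
  openssl genrsa -out "${base_dir}/ca.key" 4096
  ca_key_created=1
fi
if [[ "${ca_key_created}" == 1 || ! -f "${base_dir}/ca.cert" ]]; then
  openssl req \
    -new \
    -x509 \
    -nodes \
    -days 3650 \
    -key "${base_dir}/ca.key" \
    -out "${base_dir}/ca.cert" \
    -subj '/O=Example CA/'
fi

# Locate the system openssl.cnf; it is the base for the SAN-extended config.
if [[ -f /etc/pki/tls/openssl.cnf ]]; then
  openssl_cnf="/etc/pki/tls/openssl.cnf"
elif [[ -f /etc/ssl/openssl.cnf ]]; then
  openssl_cnf="/etc/ssl/openssl.cnf"
else
  echo "No openssl.cnf" >&2
  exit 1
fi

#######################################
# Print the system openssl.cnf followed by a [SAN] section for one DNS name.
# Globals:   openssl_cnf (read)
# Arguments: $1 - DNS name to place in subjectAltName
# Outputs:   the combined configuration on stdout
#######################################
san_config() {
  cat -- "${openssl_cnf}"
  # The leading newline keeps [SAN] on its own line even if openssl.cnf does
  # not end with one. The name is passed as an argument, not as part of the
  # printf format string.
  printf '\n[SAN]\nsubjectAltName=DNS:%s\n' "$1"
}

for name in kolab.mgmt.com kolab.hosted.com; do
  openssl genrsa -out "${base_dir}/${name}.key" 4096

  # CSR carrying the host name both as CN and as a DNS subjectAltName.
  openssl req \
    -new \
    -key "${base_dir}/${name}.key" \
    -out "${base_dir}/${name}.csr" \
    -subj "/O=Example CA/CN=${name}/" \
    -reqexts SAN \
    -config <(san_config "${name}")

  # Sign with the CA. Extensions are taken from -extfile/-extensions here,
  # which is why the same [SAN] section is supplied a second time.
  openssl x509 \
    -req \
    -in "${base_dir}/${name}.csr" \
    -CA "${base_dir}/ca.cert" \
    -CAkey "${base_dir}/ca.key" \
    -CAcreateserial \
    -out "${base_dir}/${name}.cert" \
    -days 28 \
    -extfile <(san_config "${name}") \
    -extensions SAN

  # 'cause java ...
  # Unencrypted PKCS#8 PEM copy of the host key, kept next to the original.
  openssl pkcs8 \
    -topk8 \
    -inform pem \
    -in "${base_dir}/${name}.key" \
    -outform pem \
    -nocrypt \
    -out "${base_dir}/${name}_p8.key"
done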
