openpkg
/
openpkg-packages
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
93774 Commits
1 Branch
2 Tags
575 MiB
 
 
 
 
 
 
Tree: ab54c4243b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'ab54c4243b'
${ noResults }
openpkg-packages/opa/opa-tls.sh

81 lines
2.2 KiB
Raw Blame History

#!@l_bash@
##
## opa-tls -- OPA Server TLS certificate/key generation
##
cd @l_prefix@/etc/opa || exit $?
# generate CA certificate/key pair
if [ ! -f ca.crt ]; then
( echo "{"
echo " \"key\": {"
echo " \"algo\": \"rsa\","
echo " \"size\": 4096"
echo " },"
echo " \"ca\": {"
echo " \"expiry\": \"87600h\","
echo " \"pathlen\": 1"
echo " },"
echo " \"CN\": \"CA\","
echo " \"names\": ["
echo " {"
echo " \"OU\": \"Certificate Authority\""
echo " }"
echo " ]"
echo "}"
) | \
@l_prefix@/bin/cfssl genkey -loglevel=4 -initca - | \
@l_prefix@/bin/cfssl-json -bare ca
rm -f ca.csr
chmod 600 ca.key
chmod 644 ca.crt
chown @l_rusr@:@l_rgrp@ ca.crt
chown @l_rusr@:@l_rgrp@ ca.key
( echo "{"
echo " \"signing\": {"
echo " \"profiles\": {"
echo " \"peer\": {"
echo " \"expiry\": \"87600h\","
echo " \"usages\": ["
echo " \"signing\","
echo " \"key encipherment\","
echo " \"server auth\","
echo " \"client auth\""
echo " ]"
echo " }"
echo " }"
echo " }"
echo "}"
) >ca.json
chmod 644 ca.json
chown @l_rusr@:@l_rgrp@ ca.json
fi
# generate server certificate/key pair
( echo "{"
echo " \"key\": {"
echo " \"algo\": \"rsa\","
echo " \"size\": 4096"
echo " },"
echo " \"CN\": \"$1\","
echo " \"hosts\": ["
i=0
for host in "$@"; do
echo -n " \"$host\""
i=`expr $i + 1`
if [ $i -lt $# ]; then
echo -n ","
fi
echo ""
done
echo " ]"
echo "}"
) | \
@l_prefix@/bin/cfssl gencert -loglevel=4 -ca ca.crt -ca-key ca.key -config ca.json -profile=peer - | \
@l_prefix@/bin/cfssl-json -bare server
rm -f server.csr
chmod 600 server.key
chmod 644 server.crt
chown @l_rusr@:@l_rgrp@ server.crt
chown @l_rusr@:@l_rgrp@ server.key