Skip to content

Instantly share code, notes, and snippets.

@stintel

stintel/gen.sh

Created August 17, 2017 00:02
Show Gist options
  • Save stintel/99ecf870dad83cc79379e2616b57bfd9 to your computer and use it in GitHub Desktop.
Save stintel/99ecf870dad83cc79379e2616b57bfd9 to your computer and use it in GitHub Desktop.
Download ZIP
gen.sh
Raw
gen.sh
#!/bin/sh
VHOST="$1"
TYPE="ecdsa"
DIGEST="sha512"
for san in $@; do
SAN+="--san $san "
done
echo $SAN
/usr/sbin/ipsec pki --gen --type "${TYPE}" --size 521 > "${VHOST}.key.der"
/usr/sbin/ipsec pki --pub --type "${TYPE}" --in "${VHOST}.key.der" | /usr/sbin/ipsec pki --issue \
--cacert ca.crt.der \
--cakey ca.key.der \
${SAN} \
--digest "${DIGEST}" > "${VHOST}.crt.der"
openssl ec -inform der -in "${VHOST}.key.der" -out "${VHOST}.key"
openssl x509 -inform der -in "${VHOST}.crt.der" -out "${VHOST}.crt"
openssl pkcs12 -export -out "${VHOST}.p12" -inkey "${VHOST}.key" -in "${VHOST}.crt" -certfile ca.crt
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment