Last active
October 5, 2019 12:06
WebID generation bash script (requires openssl)
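#!/bin/bash
#
# Generate a self-signed WebID certificate with openssl.
#
# Outputs, all written to $DIR:
#   id_rsa      RSA private key (PEM, NOT passphrase-protected)
#   id_rsa.pub  matching public key (PEM)
#   id_rsa.cer  self-signed X.509 certificate using the webid_generator
#               extension section
#   id_rsa.p12  PKCS#12 bundle of certificate + key for browser import
#
# Requires a [ webid_generator ] section in /etc/ssl/openssl.cnf.

# Stop at the first failing step: every later step consumes the output of
# the previous one, so continuing after an error only produces confusing
# follow-up failures or a stale/partial key set.
set -euo pipefail

# The private key and the PKCS#12 bundle are secrets. Create the output
# directory and every file in it readable by the owner only, independent
# of the caller's umask. (The public key and certificate end up 0600 too;
# relax them afterwards if they need to be shared.)
umask 077

readonly BITS=2048
readonly DIR=./out

# Match the actual section header rather than any occurrence of the word,
# so a commented-out or merely mentioned "webid_generator" does not pass.
# NOTE(review): the openssl binary may read a different config file
# (OPENSSL_CONF, non-default OPENSSLDIR); this check only looks at
# /etc/ssl/openssl.cnf.
if grep -Eq '^[[:space:]]*\[[[:space:]]*webid_generator[[:space:]]*\]' /etc/ssl/openssl.cnf; then
  echo "WEBID_GEN: Found webid_generator configuration section in /etc/ssl/openssl.cnf"
else
  # NOTE(review): the profile suggested below is very broad (CA:TRUE,
  # keyCertSign, every extendedKeyUsage). A certificate used only for WebID
  # client authentication presumably needs far less (CA:FALSE,
  # digitalSignature, clientAuth) -- confirm against the consuming server
  # before trusting the broad form anywhere else.
  echo "WEBID_GEN: Section webid_generator is missing in /etc/ssl/openssl.cnf. Add this configuration section manually:
[ webid_generator ]
basicConstraints = CA:TRUE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment, dataEncipherment, keyCertSign
extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection, timeStamping
nsCertType = client, server, email, objsign, sslCA, emailCA, objCA
subjectAltName=URI:https://example.com/profile/card\#me # update this with your WebID URI (escape # as \#)
subjectKeyIdentifier=hash
" >&2
  exit 1
fi

# create output directory if not exists
mkdir -p "$DIR"

# create private key id_rsa
# The key is written unencrypted; its only protection is the file mode.
echo "WEBID_GEN: Generating rsa key"
openssl genpkey -algorithm RSA -out "$DIR/id_rsa" -pkeyopt "rsa_keygen_bits:$BITS"

# extract public key id_rsa.pub
echo "WEBID_GEN: Extracting rsa public key"
openssl rsa -in "$DIR/id_rsa" -out "$DIR/id_rsa.pub" -outform PEM -pubout

# create WebID certificate id_rsa.cer
# -new with -key signs a fresh self-signed certificate with the key created
# above. The original also passed -newkey and -nodes; with -key supplied no
# second key is generated or written, so those flags only suggested
# otherwise. The certificate is valid for 3650 days (~10 years).
echo "WEBID_GEN: Creating x509 webid certificate"
openssl req -new -x509 -key "$DIR/id_rsa" -days 3650 -out "$DIR/id_rsa.cer" -extensions webid_generator

# convert certificate and key to pkcs12 (for import to browser) id_rsa.p12
# openssl prompts for an export password here; an empty password leaves the
# private key inside the .p12 unprotected.
echo "WEBID_GEN: Create pkcs12 key store for browser import"
openssl pkcs12 -export -out "$DIR/id_rsa.p12" -in "$DIR/id_rsa.cer" -inkey "$DIR/id_rsa"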
Oh, I just found another generator, and it does not require updating /etc/ssl/openssl.cnf as root :)
https://gist.github.com/njh/2432427