

#!/bin/sh
#
# $Id$
#
# This script generates a self-signed TLS/SSL certificate that can be
# immediately used with the TLS module of SIP Router. The file was inspired
# by a script from Debian's uw-imapd package.
#
#############################################################################
# Configuration variables
#############################################################################
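# Instance name; MAIN_NAME from the environment overrides the default.
NAME=${MAIN_NAME:-sip-router}
DEFAULT_DIR="/usr/local/etc/$NAME"
DEFAULT_DAYS=365
DEFAULT_INFO="Self-signed certificate for $NAME"
DEFAULT_CERT_FILENAME="$NAME-selfsigned.pem"
DEFAULT_KEY_FILENAME="$NAME-selfsigned.key"
DEFAULT_OPENSSL='openssl'

# Short host name (fed to the OU prompt) and fully qualified name (fed to
# the CN prompt). 'hostname -f' is not available everywhere, so fall back
# to the plain host name.
HOSTNAME=$(hostname -s)
if hostname -f >/dev/null 2>&1 ; then
  FQDN=$(hostname -f)
else
  FQDN=$(hostname)
fi
# Mail domain for the certificate's e-mail field: Debian's /etc/mailname
# when present, otherwise the FQDN (quoted so it is passed through verbatim).
MAILNAME=$(cat /etc/mailname 2>/dev/null || printf '%s\n' "$FQDN")

# Detect the enhanced (util-linux) getopt, which exits with status 4 on -T;
# only that implementation can be offered long options.
getopt -T >/dev/null 2>&1
if [ $? -eq 4 ] ; then
  LONGOPTS_SUPPORTED=1
fi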
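# Print the long-option alias for a short option (e.g. ', --help' for -h)
# so that usage() lists long options only when getopt supports them.
# Globals:   LONGOPTS_SUPPORTED (read)
# Arguments: $1 - short option (-h, -d, -c, -k, -e, -i, -o)
# Outputs:   the alias on stdout; nothing for an unknown option or when
#            long options are not supported
# Returns:   0
longopts() {
  # 'return', not 'exit': this helper only produces (possibly empty) text
  # and must never terminate the caller when long options are unavailable.
  if [ -z "${LONGOPTS_SUPPORTED}" ] ; then
    return 0
  fi
  case "$1" in
    -h) echo ', --help' ;;
    -d) echo ', --dir' ;;
    -c) echo ', --certificate' ;;
    -k) echo ', --key' ;;
    -e) echo ', --expires' ;;
    -i) echo ', --info' ;;
    -o) echo ', --overwrite' ;;
  esac
  return 0
}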
# Print the help text to stdout. The long-option aliases come from
# longopts(), which prints nothing when only the basic getopt is available,
# so the text adapts to the local getopt implementation.
usage() {
  cat <<EOF
NAME
$COMMAND - Generate a self-signed TLS/SSL certificate for use with $NAME.
SYNOPSIS
$COMMAND [options]
DESCRIPTION
This is a simple shell script that generates a self signed TLS/SSL
certificate (and private key) for use with the tls module of $NAME. The
self-signed certificate is suitable for testing and/or private setups.
You are encouraged to create a proper authorized one if needed.
Both certificate and key files are by default stored in the directory
containing the configuration file of $NAME (unless you change it using
the options below).
OPTIONS
-h$(longopts -h)
Display this help text.
-d$(longopts -d)
The path to the directory where cert and key files will be stored.
(Default value is '$DEFAULT_DIR')
-c$(longopts -c)
The name of the file where the certificate will be stored.
(Default value is '$DEFAULT_CERT_FILENAME')
-k$(longopts -k)
The name of the file where the private key will be stored.
(Default value is '$DEFAULT_KEY_FILENAME')
-e$(longopts -e)
Number of days for which the certificate will be valid.
(Default value is '$DEFAULT_DAYS')
-i$(longopts -i)
The description text to be embedded in the certificate.
(Default value is '$DEFAULT_INFO')
-o$(longopts -o)
Overwrite certificate and key files if they exist already.
(By default they will be not overwritten.)
ENVIRONMENT VARIABLES
OPENSSL Path to openssl command (Currently ${OPENSSL})
AUTHOR
Written by Jan Janak <jan@iptel.org>
REPORTING BUGS
Report bugs to <sr-dev@sip-router.org>
EOF
}
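COMMAND=${0##*/}

# Environment variables may pre-set the options; otherwise use the defaults.
if [ -z "$DIR" ] ; then DIR=$DEFAULT_DIR; fi
if [ -z "$DAYS" ] ; then DAYS=$DEFAULT_DAYS; fi
if [ -z "$INFO" ] ; then INFO=$DEFAULT_INFO; fi
if [ -z "$CERT_FILENAME" ] ; then CERT_FILENAME=$DEFAULT_CERT_FILENAME; fi
if [ -z "$KEY_FILENAME" ] ; then KEY_FILENAME=$DEFAULT_KEY_FILENAME; fi
if [ -z "$OPENSSL" ] ; then OPENSSL=$DEFAULT_OPENSSL; fi

# Normalise the command line with getopt; long options are only offered with
# the enhanced (util-linux) implementation detected at the top of the file.
if [ -n "${LONGOPTS_SUPPORTED}" ] ; then
  TEMP=$(getopt -o hd:c:k:e:i:o \
    --long help,dir:,certificate:,key:,expires:,info:,overwrite \
    -n "$COMMAND" -- "$@")
else
  TEMP=$(getopt hd:c:k:e:i:o "$@")
fi
if [ $? -ne 0 ] ; then exit 1; fi
# Standard getopt idiom: TEMP is getopt's re-quoted argument list, which is
# why 'eval' is acceptable here. Note that the basic getopt does not quote
# its output, so option values containing spaces or shell metacharacters
# are only handled correctly with the enhanced getopt.
eval set -- "$TEMP"
while true ; do
  case "$1" in
    -h|--help) usage; exit 0 ;;
    -d|--dir) DIR=$2; shift 2 ;;
    -c|--certificate) CERT_FILENAME=$2; shift 2 ;;
    -k|--key) KEY_FILENAME=$2; shift 2 ;;
    -e|--expires) DAYS=$2; shift 2 ;;
    -i|--info) INFO=$2; shift 2 ;;
    -o|--overwrite) OVERWRITE=1; shift ;;
    --) shift; break ;;
    *) echo "Internal error" >&2; exit 1 ;;
  esac
done

# DAYS is passed straight to 'openssl req -days'; reject anything but a
# non-negative integer here, with a clear message instead of an openssl
# parse error and empty output files.
case "$DAYS" in
  ''|*[!0-9]*)
    echo "Invalid number of days '$DAYS' (must be a positive integer)." >&2
    exit 1 ;;
esac

# Make sure the binary named by $OPENSSL is runnable; it is used below
# instead of a hard-coded 'openssl' so the environment variable takes effect.
if ! command -v "$OPENSSL" >/dev/null 2>&1 ; then
  echo "Could not find openssl command '$OPENSSL'" >&2
  echo "Set OPENSSL environment variable properly (see -h for more info)" >&2
  exit 1
fi

if [ ! -d "$DIR" ] ; then
  echo "Directory '$DIR' does not exist." >&2
  exit 1
fi

CERT_PATH="$DIR/$CERT_FILENAME"
KEY_PATH="$DIR/$KEY_FILENAME"

# Never clobber an existing certificate or key unless -o was given.
if [ -z "$OVERWRITE" ] && [ -f "$CERT_PATH" ] ; then
  echo "File '$CERT_PATH' already exists, doing nothing."
  echo "(Use -o to override)"
  exit 0
fi
if [ -z "$OVERWRITE" ] && [ -f "$KEY_PATH" ] ; then
  echo "File '$KEY_PATH' already exists, doing nothing."
  echo "(Use -o to override)."
  exit 0
fi

# Create both files up front so that a permission problem in $DIR is
# reported before openssl runs.
if ! touch "$CERT_PATH" >/dev/null 2>&1 ; then
  echo "Could not create file '$CERT_PATH'" >&2
  exit 1
fi
if ! touch "$KEY_PATH" >/dev/null 2>&1 ; then
  echo "Could not create file '$KEY_PATH'" >&2
  rm -f "$CERT_PATH"
  exit 1
fi
# The key is written unencrypted (-nodes); restrict it to the owner now,
# while it is still empty, so the caller's umask cannot leave it readable
# by other users once openssl has filled it in.
if ! chmod 600 "$KEY_PATH" ; then
  echo "Could not restrict permissions on '$KEY_PATH'" >&2
  rm -f "$CERT_PATH" "$KEY_PATH"
  exit 1
fi

echo "Creating a new $NAME self-signed certificate for '$FQDN'" \
  "valid for $DAYS days."

# The here-document answers the interactive 'openssl req' prompts in order:
# country, state, locality ('.' leaves each one blank), organisation,
# organisational unit, common name, e-mail address.
# A 2048-bit RSA key is requested explicitly because older openssl builds
# default to a weaker key size.
"$OPENSSL" req -new -x509 -newkey rsa:2048 -days "$DAYS" -nodes \
  -out "$CERT_PATH" -keyout "$KEY_PATH" >/dev/null 2>&1 <<+
.
.
.
$INFO
$HOSTNAME
$FQDN
root@$MAILNAME
+
if [ $? -ne 0 ] ; then
  echo "Error while executing openssl command." >&2
  # Remove the files created above so a failed run leaves no empty or
  # half-written certificate/key behind.
  rm -f "$CERT_PATH" "$KEY_PATH"
  exit 1
fi
echo "Private key stored in '$KEY_PATH'."
echo "Certificate stored in '$CERT_PATH'."
exit 0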