From 2b563f1730dcbc9290746991f841c62360417276 Mon Sep 17 00:00:00 2001 From: Michael Prokop Date: Fri, 19 Dec 2014 00:18:03 +0100 Subject: [PATCH] MT#10181 generate_ssl_keys.sh: support skipping csr file generation Change-Id: I818e9c9168b5573a51878ca11f26d3f351c2f6ad --- tools/generate_ssl_keys.sh | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/tools/generate_ssl_keys.sh b/tools/generate_ssl_keys.sh index 6d71770a49..be277864c2 100755 --- a/tools/generate_ssl_keys.sh +++ b/tools/generate_ssl_keys.sh @@ -7,6 +7,7 @@ set -u DEST="${1:-}" BASE="${2:-/usr/share/ngcp-panel-tools}" FILE="${3:-api_ca}" +SKIP_CSR="${SKIP_CSR:-}" if [ -z "${1:-}" ] ; then echo "Usage: $0 [ " >&2 @@ -32,13 +33,29 @@ mkdir -p "${DEST}" umask 077 echo "Generating OpenSSL certificate files in directory ${DEST}:" -/usr/bin/openssl genrsa -out "${KEY_FILE}" 4096 -config "${OPENSSL_CONFIG}" -batch -/usr/bin/openssl req -new -out "${CSR_FILE}" -key "${KEY_FILE}" -config "${OPENSSL_CONFIG}" -batch -/usr/bin/openssl x509 -req -in "${CSR_FILE}" -signkey "${KEY_FILE}" -out "${CRT_FILE}" -extfile "${OPENSSL_CONFIG}" + +if [ "$SKIP_CSR" = "true" ] ; then + echo "Skipping generation of csr file as requested via SKIP_CSR environment variable." + echo "Generating only key and crt files now." + /usr/bin/openssl req -x509 \ + -config "${OPENSSL_CONFIG}" \ + -newkey rsa:4096 \ + -keyout "${KEY_FILE}" \ + -out "${CRT_FILE}" \ + -nodes -batch +else + /usr/bin/openssl genrsa -out "${KEY_FILE}" 4096 -config "${OPENSSL_CONFIG}" -batch + /usr/bin/openssl req -new -out "${CSR_FILE}" -key "${KEY_FILE}" -config "${OPENSSL_CONFIG}" -batch + /usr/bin/openssl x509 -req -in "${CSR_FILE}" -signkey "${KEY_FILE}" -out "${CRT_FILE}" -extfile "${OPENSSL_CONFIG}" +fi chmod 640 "${KEY_FILE}" "${CRT_FILE}" -chmod 600 "${CSR_FILE}" +[ -r "${CSR_FILE}" ] && chmod 600 "${CSR_FILE}" -echo "Generated ${KEY_FILE} ${CRT_FILE} ${CSR_FILE}" +if [ "$SKIP_CSR" = "true" ] ; then + echo "Generated ${KEY_FILE} ${CRT_FILE}" +else + echo "Generated ${KEY_FILE} ${CRT_FILE} ${CSR_FILE}" +fi echo "Finished execution of $0"