MT#6695 scripts: add generate_ssl_key.sh

script/generate_ssl_keys.sh

@@ -0,0 +1,9 @@
+#!/bin/sh
+BASE="/usr/share/ngcp-panel/script"
+DEST=${1:-/etc/ngcp-panel/api_ssl}
+
+mkdir -p ${DEST}
+
+/usr/bin/openssl req -x509 -config ${BASE}/opensslcnf.cnf \
+	-newkey rsa:4096 -keyout ${DEST}/api_ca.key -out ${DEST}/api_ca.crt \
+	-days 999 -nodes -batch

script/opensslcnf.cnf

@@ -0,0 +1,51 @@
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+[ CA_default ]
+
+default_days = 1000 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = sha256 # use public key default MD
+preserve = no # keep passed DN ordering
+
+x509_extensions = ca_extensions # The extensions to add to the cert
+
+email_in_dn = no # Don't concat the email in the DN
+copy_extensions = copy # Required to copy SANs from CSR to cert
+
+####################################################################
+[ req ]
+default_bits = 4096
+default_keyfile = cakey.pem
+distinguished_name = ca_distinguished_name
+x509_extensions = ca_extensions
+string_mask = utf8only
+
+####################################################################
+[ ca_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = AT
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Some-State
+
+localityName = Locality Name (eg, city)
+localityName_default =
+
+organizationName = Organization Name (eg, company)
+organizationName_default = Sipwise GmbH
+
+commonName = Common Name (e.g. server FQDN or YOUR name)
+commonName_default = Sipwise GmbH
+
+emailAddress = Email Address
+emailAddress_default = service@sipwise.com
+
+####################################################################
+[ ca_extensions ]
+
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always, issuer
+basicConstraints = critical, CA:true
+keyUsage = keyCertSign, cRLSign