smeserver-koji/koji-setup/koji-gencert.sh
2023-09-29 08:48:18 +10:00

34 lines
974 B
Bash
Executable File

#!/bin/bash
# SPDX-License-Identifier: Apache-2.0
set -e
KOJI_USER="$1"
CERT_SUBJECT="$2"
DEBUG=
SILENT="-s"
QUIET="-q"
for param in $3 ; do
if [ $param ] ; then
case $param in
debug )
DEBUG="debug" ;;
esac
else
break
fi
done
if [ $DEBUG ] ; then
set -xe
SILENT=
QUIET="-v"
fi
openssl genrsa -out private/"$KOJI_USER".key 2048
openssl req -subj "$CERT_SUBJECT" -config ssl.cnf -new -nodes -out certs/"$KOJI_USER".csr -key private/"$KOJI_USER".key
openssl ca -batch -config ssl.cnf -keyfile private/koji_ca_cert.key -cert koji_ca_cert.crt -out certs/"$KOJI_USER".crt -outdir certs -infiles certs/"$KOJI_USER".csr
cat certs/"$KOJI_USER".crt private/"$KOJI_USER".key > "$KOJI_USER".pem
# Browser certificate is not password-protected, ask users to change their password
openssl pkcs12 -export -inkey private/"$KOJI_USER".key -in certs/"$KOJI_USER".crt -CAfile koji_ca_cert.crt -out certs/"$KOJI_USER"_browser_cert.p12 -passout pass: