#!/bin/sh
#
# Generates or validates self-signed SSL certificates.
#
# Environment:
# CERT_DIR – directory for certificate files (required)
# HOST – hostname for SAN entries; when unset, expects existing certs
#
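set -e

# CERT_DIR is mandatory: every path below is built from it.
if [ -z "$CERT_DIR" ]; then
  echo "CERT_DIR is required" >&2
  exit 1
fi

if [ -n "$HOST" ]; then
  # HOST comes from the environment and is spliced into a sed program and,
  # through it, into the OpenSSL config files. A control character (newline
  # in particular) could break the sed command or add extra lines to the
  # config, so refuse it up front.
  if [ "$(printf '%s' "$HOST" | tr -d '[:cntrl:]')" != "$HOST" ]; then
    echo "HOST must not contain control characters" >&2
    exit 1
  fi

  # Escape the characters that are special in a sed replacement ('\', '/'
  # and '&') so HOST is always inserted literally.
  host_escaped=$(printf '%s' "$HOST" | sed -e 's|[\\/&]|\\&|g')

  echo "Generating new self-signed SSL cert using $HOST..."

  # Point the DNS.1 SAN entry of both OpenSSL config files at HOST.
  # NOTE(review): the ":*" suffix is kept from the original; confirm that
  # "<host>:*" is the SAN value the clients are expected to match.
  for conf in csr.conf cert.conf; do
    sed -i'' -e "s/^DNS\.1 = .*/DNS.1 = ${host_escaped}:*/" "$CERT_DIR/$conf"
  done

  # Root CA. Validity was 356 days, which made the CA expire before the
  # 365-day server certificate it signs; both now use 365.
  # NOTE(review): -nodes leaves rootCA.key unencrypted on disk; confirm
  # that access to CERT_DIR is restricted accordingly.
  openssl req -x509 -sha256 -days 365 -nodes -newkey rsa:2048 \
    -subj "/CN=Graph Explorer/C=US/L=Seattle" \
    -keyout "$CERT_DIR/rootCA.key" -out "$CERT_DIR/rootCA.crt"

  # Server key, CSR, and the server certificate signed by the root CA.
  openssl genrsa -out "$CERT_DIR/server.key" 2048
  openssl req -new -key "$CERT_DIR/server.key" \
    -out "$CERT_DIR/server.csr" -config "$CERT_DIR/csr.conf"
  openssl x509 -req -in "$CERT_DIR/server.csr" \
    -CA "$CERT_DIR/rootCA.crt" -CAkey "$CERT_DIR/rootCA.key" -CAcreateserial \
    -out "$CERT_DIR/server.crt" -days 365 -sha256 \
    -extfile "$CERT_DIR/cert.conf"
else
  echo "No HOST environment variable specified."

  # Without HOST nothing is generated; every expected file must already
  # exist in CERT_DIR. Collect all missing names so they are reported at once.
  MISSING=""
  for f in rootCA.key rootCA.crt server.key server.csr server.crt; do
    if [ ! -f "$CERT_DIR/$f" ]; then
      MISSING="$MISSING $f"
    fi
  done

  if [ -n "$MISSING" ]; then
    echo "Missing certificate files in $CERT_DIR:$MISSING" >&2
    echo "Please specify --env HOST=<hostname> during docker run command to create SSL cert." >&2
    exit 1
  fi

  echo "Found existing self-signed SSL certificate. Re-using existing cert."
fi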