wagon/back/lib/ssl/peer/add

#!/bin/bash
# FILE:       	wgapi:back/lib/ssl/peer/add
# DESCRIPTION:	Create SSL certs for a new host
# USAGE:      	add hostname username ipstring

[ "$#" == "" ] || exit
source ../../../env/vars
#TODO Check for root

# Generate key
openssl genrsa -out "${SSL_CONFIG_DIR}/${username}/${hostname}/server.key" >/dev/null 2>&1
chmod 400 "${SSL_CONFIG_DIR}/${username}/${hostname}/server.key"

# Generate config
#TODO Make sure /etc/ssl/openssl.cnf exists
cat '/etc/ssl/openssl.cnf' \
	<(printf "\n[SAN]\nsubjectAltNames=DNS:${hostname}.${username}.${TLD},DNS:*.${hostname}.${username}.${TLD},${3}") \
	> "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf"

# Generate CSR
openssl req -new -sha256 -reqexts SAN \
	-key "${SSL_CONFIG_DIR}/${username}/${hostname}/server.key" \
	-out "${SSL_CONFIG_DIR}/${username}/${hostname}.csr"
	-config "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf" \
	-subj "/O=${SSL_ORG}/OU=${username}/CN=${hostname}.${username}.${TLD}" \
	>/dev/null 2>&1

# Generate cert
openssl x509 -req -sha256 -extensions SAN -CAcreateserial \
	-extfile "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf" \
	-in "${SSL_CONFIG_DIR}/${username}/${hostname}.csr" \
	-CA "${SSL_CA_CERT}" -CAkey "${SSL_CA_KEY}" \
	-passin "pass:${SSL_CA_PASS}" \
	-out "${SSL_CONFIG_DIR}/${username}/${hostname}/server.crt"
	-days "${SSL_DAYS}" >/dev/null 2>&1
chmod 644 "${SSL_CONFIG_DIR}/${username}/${hostname}/server.crt"

# Remove old files
rm "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf" "${SSL_CONFIG_DIR}/${username}/${hostname}.csr" 2>/dev/null
Moved everything around 2022-08-29 01:04:37 -06:00			`#!/bin/bash`
			`# FILE: wgapi:back/lib/ssl/peer/add`
			`# DESCRIPTION: Create SSL certs for a new host`
Finished adding dashboard api add and delete endpoints 2022-08-29 11:42:13 -06:00			`# USAGE: add hostname username ipstring`
Moved everything around 2022-08-29 01:04:37 -06:00
			`[ "$#" == "" ] \|\| exit`
Finished adding dashboard api add and delete endpoints 2022-08-29 11:42:13 -06:00			`source ../../../env/vars`
			`#TODO Check for root`

			`# Generate key`
			`openssl genrsa -out "${SSL_CONFIG_DIR}/${username}/${hostname}/server.key" >/dev/null 2>&1`
			`chmod 400 "${SSL_CONFIG_DIR}/${username}/${hostname}/server.key"`

			`# Generate config`
			`#TODO Make sure /etc/ssl/openssl.cnf exists`
			`cat '/etc/ssl/openssl.cnf' \`
			`<(printf "\n[SAN]\nsubjectAltNames=DNS:${hostname}.${username}.${TLD},DNS:*.${hostname}.${username}.${TLD},${3}") \`
			`> "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf"`

			`# Generate CSR`
			`openssl req -new -sha256 -reqexts SAN \`
			`-key "${SSL_CONFIG_DIR}/${username}/${hostname}/server.key" \`
			`-out "${SSL_CONFIG_DIR}/${username}/${hostname}.csr"`
			`-config "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf" \`
			`-subj "/O=${SSL_ORG}/OU=${username}/CN=${hostname}.${username}.${TLD}" \`
			`>/dev/null 2>&1`

			`# Generate cert`
			`openssl x509 -req -sha256 -extensions SAN -CAcreateserial \`
			`-extfile "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf" \`
			`-in "${SSL_CONFIG_DIR}/${username}/${hostname}.csr" \`
			`-CA "${SSL_CA_CERT}" -CAkey "${SSL_CA_KEY}" \`
			`-passin "pass:${SSL_CA_PASS}" \`
			`-out "${SSL_CONFIG_DIR}/${username}/${hostname}/server.crt"`
			`-days "${SSL_DAYS}" >/dev/null 2>&1`
			`chmod 644 "${SSL_CONFIG_DIR}/${username}/${hostname}/server.crt"`

			`# Remove old files`
			`rm "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf" "${SSL_CONFIG_DIR}/${username}/${hostname}.csr" 2>/dev/null`