aboutsummaryrefslogtreecommitdiffstats
path: root/meta-agl-demo-control-panel/recipes-connectivity/kuksa-val/kuksa-certificates-agl/genCertsAGL.sh
blob: b078fd1b25ee560b9e61fe665bb963608fba5389 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
#!/bin/bash


genCAKey() {
    openssl genrsa -out CA.key 2048
}


genCACert() {
    openssl req -key CA.key -new -out CA.csr -subj "/C=US/ST=San Francisco/L=California/O=automotivelinux.org/CN=localhost-ca/emailAddress=agl-dev-community@lists.automotivelinux.org"
    openssl x509 -signkey CA.key -in CA.csr -req -days 3650 -out CA.pem
}

genKey() {
    openssl genrsa -out $1.key 2048
}

genCert() {
    openssl req -new -key $1.key -out $1.csr -passin pass:"temp" -subj "/C=US/ST=San Francisco/L=California/O=automotivelinux.org/CN=$1/emailAddress=agl-dev-community@lists.automotivelinux.org"
    openssl x509 -req -in $1.csr -extfile <(printf "subjectAltName=DNS:$1,DNS:localhost,IP:127.0.0.1") -CA CA.pem -CAkey CA.key -CAcreateserial -days 1460 -out $1.pem
    openssl verify -CAfile CA.pem $1.pem
}

set -e
# Check if the CA is available, else make CA certificates
if [ -f "CA.key" ]; then
    echo "Existing CA.key will be used"
else
    echo "No CA.key found, will generate new key"
    genCAKey
    rm -f CA.pem
    echo ""
fi

# Check if the CA.pem is available, else generate a new CA.pem
if [ -f "CA.pem" ]; then
    echo "CA.pem will not be regenerated"
else
    echo "No CA.pem found, will generate new CA.pem"
    genCACert
    echo ""
fi


for i in Server Client;
do
    if [ -f $i.key ]; then
        echo "Existing $i.key will be used"
    else
        echo "No $i.key found, will generate new key"
        genKey $i
    fi
    echo ""
    echo "Generating $i.pem"
    genCert $i
    echo ""
done