# NOTE(review): this listing is an excerpt. The number at the start of each
# line is the original file's line number; the lines in between are not shown.
#
# Option parsing: -h, -u, -g, -o, -e and -y each take an argument, while
# -b and -f are plain flags. An unrecognised option prints the usage text.
3 while getopts h:u:g:o:e:y:bf c
14 \?) echo "keygen [-o output directory (default .)] [-u username to own keypair] [-g owning groupname] [-h hostname for cert] [-y years to issue cert] [-e entityID to embed in cert]"
# OUT is presumably set from -o; the usage text gives "." as its default
# (the assignment itself is not shown).
18 if [ -z "$OUT" ] ; then
# With FORCE set, any existing key and certificate are deleted before the
# existence check on line 26 runs.
# NOTE(review): $OUT is unquoted here and on every later use, so an output
# path containing whitespace or glob characters is word-split and expanded;
# "$OUT"/sp-key.pem avoids that, which matters most for this rm.
22 if [ -n "$FORCE" ] ; then
23 rm $OUT/sp-key.pem $OUT/sp-cert.pem
# Overwrite guard: true when either file already exists and is non-empty.
# Outside batch mode the user is told to rerun with -f; what follows the
# messages (presumably an exit) is not shown.
# NOTE(review): -o inside [ ] is marked obsolescent by POSIX; two tests joined
# with || are unambiguous.
26 if [ -s $OUT/sp-key.pem -o -s $OUT/sp-cert.pem ] ; then
27 if [ -z "$BATCH" ] ; then
28 echo The files $OUT/sp-key.pem and/or $OUT/sp-cert.pem already exist!
29 echo Use -f option to force recreation of keypair.
# Defaults are applied when -h / -y were not given; the default values
# themselves are on lines not shown in this excerpt.
35 if [ -z "$FQDN" ] ; then
39 if [ -z "$YEARS" ] ; then
# Certificate lifetime in days, counting every year as 365 days.
# NOTE(review): YEARS reaches expr unvalidated; a non-numeric value makes expr
# fail, which presumably leaves DAYS empty for the later openssl call.
43 DAYS=`expr $YEARS \* 365`
# subjectAltName value. Line 48 is the form carrying both the DNS name and
# the entityID as a URI, presumably used when ENTITYID is non-empty (the other
# branch is not shown).
# NOTE(review): FQDN and ENTITYID come straight from the command line and are
# written into the OpenSSL config as-is; a comma or newline in either would
# change the extension or config contents. Validate both before use.
45 if [ -z "$ENTITYID" ] ; then
48 ALTNAME=DNS:$FQDN,URI:$ENTITYID
# Path of the OpenSSL request config: a fixed name inside the output directory.
# Lines 53-67 look like the config text written to that file (presumably via a
# here-document whose opening line is not shown).
# NOTE(review): because the name is fixed, an OUT directory writable by other
# users lets someone pre-create or link that path; a mktemp-created file in a
# private directory avoids this. Confirm how the file is created and removed.
51 SSLCNF=$OUT/sp-cert.cnf
53 # OpenSSL configuration file for creating sp-cert.pem
60 # PrintableStrings only
66 subjectAltName=$ALTNAME
67 subjectKeyIdentifier=hash
# Restrict the private-key file to owner read/write. This runs before the
# openssl calls below, so the file is presumably created on a line not shown.
# NOTE(review): if so, the file briefly exists with umask-derived permissions;
# setting `umask 077` before creating it would close that window.
71 chmod 600 $OUT/sp-key.pem
# Generate a new key and a self-signed X.509 certificate valid for DAYS days,
# using the request settings in $SSLCNF. Whether the key is written encrypted
# depends on that config, most of which is not shown here.
# Outside batch mode openssl's stderr stays visible.
72 if [ -z "$BATCH" ] ; then
73 openssl req -config $SSLCNF -new -x509 -days $DAYS -keyout $OUT/sp-key.pem -out $OUT/sp-cert.pem
# Batch mode runs the same command with stderr discarded.
# NOTE(review): this also hides real failures; no exit-status check is visible
# in this excerpt, so confirm a failed generation is reported to the caller.
75 openssl req -config $SSLCNF -new -x509 -days $DAYS -keyout $OUT/sp-key.pem -out $OUT/sp-cert.pem 2> /dev/null
# Ownership is changed only when the key file exists and is non-empty.
# NOTE(review): USER is also a standard environment variable in most login
# shells, so unless the script clears it, this test can be true without -u.
# A script-private name (e.g. KEY_OWNER) would avoid the clash; confirm.
# NOTE(review): $USER, $GROUP and $OUT are unquoted, and -a inside [ ] is
# obsolescent in POSIX; prefer quoted expansions and two tests joined with &&.
79 if [ -s $OUT/sp-key.pem -a -n "$USER" ] ; then
80 chown $USER $OUT/sp-key.pem $OUT/sp-cert.pem
83 if [ -s $OUT/sp-key.pem -a -n "$GROUP" ] ; then
84 chgrp $GROUP $OUT/sp-key.pem $OUT/sp-cert.pem