3 # Added for Debian. The upstream version is installed in /etc/shibboleth and
4 # for Debian we wanted to move it to /usr/bin, so change directories so that
5 # it puts files in the correct location.
# Parse the command line with getopts. In the option string "h:e:y:bf" the
# letters followed by ':' (-h, -e, -y) take an argument; -b and -f are flags.
# NOTE(review): the case arms that store these options are not shown here;
# presumably they set FQDN, ENTITYID, YEARS, BATCH and FORCE - confirm.
8 while getopts h:e:y:bf c
# Unrecognised option: print a usage summary.
# NOTE(review): the usage text shown documents -h, -y and -e only; -b and -f
# are accepted by the option string above but not described on this line.
16 \?) echo keygen [-h hostname for cert] [-y years to issue cert] [-e entityID to embed in cert]
# When FORCE is non-empty, remove the existing private key and certificate so
# that a fresh pair can be written.
# NOTE(review): this discards the current key without a backup. A certificate
# already handed to relying parties stops matching once the key is replaced,
# so forced regeneration should be a deliberate operator action.
21 if [ -n "$FORCE" ] ; then
22 rm sp-key.pem sp-cert.pem
# Overwrite guard: triggers when either file exists and is non-empty (-s).
# NOTE(review): '-o' inside [ ] is marked obsolescent by POSIX; the form
# '[ -s sp-key.pem ] || [ -s sp-cert.pem ]' is the unambiguous equivalent.
25 if [ -s sp-key.pem -o -s sp-cert.pem ] ; then
# The explanation is printed only when BATCH is empty (interactive use).
# NOTE(review): what happens after the messages (presumably an exit) is not
# visible in this listing - confirm that batch mode also stops here.
26 if [ -z "$BATCH" ] ; then
27 echo The files sp-key.pem and/or sp-cert.pem already exist!
28 echo Use -f option to force recreation of keypair.
34 # --fqdn flag added for Debian to generate better names for certificates.
# Fall back to the machine's fully qualified name when FQDN is empty.
# NOTE(review): FQDN and ENTITYID are later copied verbatim into the generated
# OpenSSL config through ALTNAME. No validation is visible here, so a value
# containing a newline or config syntax would change that file - check the
# format if these ever come from anything other than the local operator.
35 if [ -z "$FQDN" ] ; then
36 FQDN=`hostname --fqdn`
# Handle an empty YEARS (the default assignment is on a line not shown).
39 if [ -z "$YEARS" ] ; then
# Convert the validity period to days for 'openssl req -days'.
# NOTE(review): $YEARS is unquoted and not checked to be a positive integer in
# the visible lines. If expr fails, DAYS is empty and the unquoted -days $DAYS
# below would consume the next option as its value.
43 DAYS=`expr $YEARS \* 365`
# Build the subjectAltName value: a DNS entry for the host and, in the form
# shown, a URI entry carrying the entityID.
# NOTE(review): the branch structure around ENTITYID is not visible; presumably
# the URI part is added only when ENTITYID is non-empty - confirm.
45 if [ -z "$ENTITYID" ] ; then
48 ALTNAME=DNS:$FQDN,URI:$ENTITYID
# Write the OpenSSL request configuration to sp-cert.cnf in the current
# directory. The here-document delimiter is unquoted, so the shell expands
# $ALTNAME (and any other $variables) before the text reaches the file.
# NOTE(review): the file has a fixed name in the working directory and is
# created with the caller's umask; whether it is removed afterwards is not
# shown. Lines starting with '#' below are here-document content, i.e. comments
# in the generated config, not shell comments.
51 cat >sp-cert.cnf <<EOF
52 # OpenSSL configuration file for creating sp-cert.pem
59 # PrintableStrings only
65 subjectAltName=$ALTNAME
66 subjectKeyIdentifier=hash
# Create the self-signed certificate (-x509) and its private key in one
# 'openssl req' call, using the config written above.
# NOTE(review): no umask or chmod is visible around -keyout, so confirm that
# sp-key.pem ends up readable only by the account that needs it. Whether the
# key is passphrase-protected depends on config lines not shown here.
# NOTE(review): $DAYS is unquoted; an empty value shifts the remaining
# arguments (see the expr call that computes it).
69 if [ -z "$BATCH" ] ; then
# Interactive run: openssl's progress and error output stay visible.
70 openssl req -config sp-cert.cnf -new -x509 -days $DAYS -keyout sp-key.pem -out sp-cert.pem
# Same command with stderr discarded (presumably the batch branch - confirm).
# NOTE(review): '2> /dev/null' also hides genuine failures, so the exit status
# is the only remaining failure signal; callers should check it and verify
# that both output files exist and are non-empty.
72 openssl req -config sp-cert.cnf -new -x509 -days $DAYS -keyout sp-key.pem -out sp-cert.pem 2> /dev/null