From: cantor Date: Wed, 12 Mar 2008 16:27:05 +0000 (+0000) Subject: Generate a cnf file with patch from SWITCH to control cert content. X-Git-Tag: 2.4~519 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fsp.git;a=commitdiff_plain;h=5b2179aae44d453abba061e85ea3bcfd8bb60f87 Generate a cnf file with patch from SWITCH to control cert content. Add -e option to supply entityID and -f force option. git-svn-id: https://svn.middleware.georgetown.edu/cpp-sp/trunk@2768 cb58f699-b61c-0410-a6fe-9272a202ed29 --- diff --git a/configs/keygen.sh b/configs/keygen.sh index 451125d..df3b4c9 100755 --- a/configs/keygen.sh +++ b/configs/keygen.sh @@ -1,19 +1,26 @@ #! /bin/sh -while getopts h:y:b c +while getopts h:e:y:bf c do case $c in b) BATCH=1;; + f) FORCE=1;; h) FQDN=$OPTARG;; - y) DAYS=$OPTARG;; - \?) echo keygen [-h hostname/cn for cert] [-y years to issue cert] + e) ENTITYID=$OPTARG;; + y) YEARS=$OPTARG;; + \?) echo keygen [-h hostname for cert] [-y years to issue cert] [-e entityID to embed in cert] exit 1;; esac done +if [ -n $FORCE ] ; then + rm sp-key.pem sp-cert.pem +fi + if [ -e sp-key.pem ] || [ -e sp-cert.pem ] ; then if [ -z $BATCH ] ; then echo The files sp-key.pem and/or sp-cert.pem already exist! + echo Use -f option to force recreation of keypair. exit 2 fi exit 0 @@ -23,14 +30,38 @@ if [ -z $FQDN ] ; then FQDN=`hostname` fi -if [ -z $DAYS ] ; then - DAYS=10 +if [ -z $YEARS ] ; then + YEARS=10 +fi + +DAYS=$(($YEARS*365)) + +if [ -z $ENTITYID ] ; then + ALTNAME=subjectAltName=DNS:$FQDN +else + ALTNAME=subjectAltName=DNS:$FQDN,URI:$ENTITYID fi -DAYS=$(($DAYS*365)) +cat >sp-cert.cnf < /dev/null + openssl req -config sp-cert.cnf -new -x509 -days $DAYS -keyout sp-key.pem -out sp-cert.pem 2> /dev/null fi
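Review bot: The new force check `if [ -n $FORCE ]` is true even when `-f` was not given, because the unquoted empty expansion leaves `[ -n ]`, a one-argument test that succeeds on the non-empty string `-n`. As written, `rm sp-key.pem sp-cert.pem` runs on every invocation, so an existing key pair is deleted and the "already exist" guard below it never fires; on a deployed service provider that would presumably replace the key and certificate its peers already trust. Quote the variable and tolerate missing files: `if [ -n "$FORCE" ] ; then rm -f sp-key.pem sp-cert.pem; fi`. The usage text in the `\?)` branch also does not mention the new `-f` option.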
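Review bot: The values of `-y`, `-h` and `-e` are used unvalidated and unquoted: `$YEARS` goes straight into `$(($YEARS*365))`, and `$FQDN` and `$ENTITYID` are pasted into the `subjectAltName` line destined for sp-cert.cnf. A non-numeric years value, or a name containing whitespace, a comma or a newline, either breaks the `[ -z ... ]` tests or changes what the certificate asserts, so such input should be rejected before the config is written, e.g. `case $YEARS in ''|*[!0-9]*) echo "years must be a whole number" >&2; exit 1;; esac`, with the tests quoted as `[ -z "$ENTITYID" ]`. The `openssl req` call also sends stderr to /dev/null and its exit status is not checked in the visible lines, so a rejected config would fail silently; the here-document body is not visible on this page, so how `$ALTNAME` is consumed there is inferred.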