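#!/bin/bash
#
# create_node_cert - issue an EC key pair and a CA-signed certificate per node.
#
# Usage: create_node_cert [node id 1] [node id 2] ...
#
# Run from the directory that holds signing.key and signing.crt (the error
# message below points at create_signing_cert for producing them). For every
# node id this writes node.<id>.key (an UNENCRYPTED private key) and
# node.<id>.crt, and may create the CA serial file via -CAcreateserial.
# Files that already exist for a node are never overwritten.
#
# Exit status: 1 if the signing material is missing or any node failed,
# 0 otherwise (including the usage message, as before).

# Drop any inherited "rm" alias so the cleanup below runs plain rm.
unalias rm 2>/dev/null

if [[ ! ( -e signing.key && -e signing.crt ) ]]; then
  echo "Can't create node certificates with no signing cert; please run create_signing_cert"
  exit 1
fi

if [[ -z "$*" ]]; then
  echo "Usage: $0 [node id 1] [node id 2] ..."
  exit 0
fi

status=0
# "$@" keeps each id as one word and stops the shell from glob-expanding it.
for node in "$@"; do
  case "$node" in
    '')
      # Empty arguments were dropped by word splitting before; keep ignoring them.
      continue
      ;;
    */* | *\\* | *[[:space:]]*)
      # The id is interpolated into both file names and the -subj string,
      # where "/" separates subject fields and "\" is the escape character.
      # Refusing these keeps an id from writing outside the current directory
      # or adding extra fields to the certificate subject.
      printf 'Error: refusing node id "%s": it must not contain "/", "\\" or whitespace.\n' "$node" >&2
      status=1
      continue
      ;;
  esac

  NODEBASE="node.${node}"

  if [[ -e "${NODEBASE}.key" || -e "${NODEBASE}.crt" ]]; then
    echo "Error: Bypassing node $node because its files already exist."
    continue
  fi

  # Key material is created in a subshell with umask 077 so the unencrypted
  # private key is not readable by other local users; the certificate is
  # written afterwards under the caller's normal umask.
  #
  # pass:abcd only protects the short-lived node.<id>.key.enc intermediate,
  # which is decrypted and deleted straight away. It is not a secret, and it
  # is visible in the process list while openssl runs.
  if (
    umask 077 &&
      openssl req -newkey ec:<(openssl ecparam -name secp521r1) \
        -keyout "${NODEBASE}.key.enc" -out "${NODEBASE}.req" \
        -subj "/C=GO/ST=reign/CN=${node}/" -passout pass:abcd &&
      openssl ec -in "${NODEBASE}.key.enc" -out "${NODEBASE}.key" -passin pass:abcd
  ) &&
    rm -f -- "${NODEBASE}.key.enc" &&
    # -days 3650: the node certificate is valid for roughly ten years.
    openssl x509 -req -days 3650 -in "${NODEBASE}.req" \
      -CA signing.crt -CAkey signing.key -out "${NODEBASE}.crt" -CAcreateserial &&
    rm -f -- "${NODEBASE}.req"; then
    :
  else
    # Neither the key nor the certificate existed before this iteration, so
    # anything present now is a partial result of the failed run. Remove it:
    # a leftover key without a certificate would make the next run skip the
    # node instead of retrying.
    printf 'Error: failed to create key/certificate for node %s; removing partial files.\n' "$node" >&2
    rm -f -- "${NODEBASE}.key.enc" "${NODEBASE}.req" "${NODEBASE}.key" "${NODEBASE}.crt"
    status=1
  fi
done

exit "$status"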