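#!/bin/sh
#
# gentls_cert - create a private CA and issue TLS agent certificates
# signed by it.  Invoked as:  gentls_cert <setup|create|remove> [options]
#
# Globals (the command-line parser further down overrides most of them):
#   CONFDIR      directory holding the CA/ subdirectory and generated files
#   DAYS         certificate lifetime in days               (-days)
#   COMMON_NAME  subject commonName                         (-cn)
#   ALT_NAME     subjectAltName value, e.g. DNS:host        (-alt)
#   ORG_NAME     subject organizationName                   (-org)
#   OUTFILE      cert+key file written inside CONFDIR       (-out)
#   TMPFILE      prefix for the scratch files (.cfg/.req/.key/.crt)
#                the openssl steps use while running

# @prefix@ is substituted by the build system.
CONFDIR=@prefix@/conf/ssl

DAYS=365

# Default subject values; the spelling of the CN is kept as shipped.
COMMON_NAME="FreesSWITCH CA"
ALT_NAME="DNS:test.freeswitch.org"
ORG_NAME="FreeSWITCH"
OUTFILE="agent.pem"

# Every file created below (CA key, issued key) inherits this umask:
# owner read/write, group read, nothing for others.
umask 037

# Scratch files - including a freshly generated private key - go into a
# private directory from mktemp instead of under a predictable
# "/tmp/fs-ca-<pid>-<timestamp>" name, so another local user cannot
# pre-create or symlink them.  The directory is removed on every exit path.
TMPDIR_CA=$(mktemp -d "${TMPDIR:-/tmp}/fs-ca.XXXXXX") || {
  echo "Unable to create a temporary directory" >&2
  exit 1
}
trap 'rm -rf -- "${TMPDIR_CA:?}"' EXIT
TMPFILE="${TMPDIR_CA}/fs-ca"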
#######################################
# Report whether a complete CA is present under ${CONFDIR}/CA.
# Globals:   CONFDIR (read)
# Returns:   0 when cacert.pem, cakey.pem and config.tpl all exist,
#            1 as soon as one of them is missing
#######################################
check_ca() {
  local ca_dir="${CONFDIR}/CA"
  local required

  for required in cacert.pem cakey.pem config.tpl; do
    [ -e "${ca_dir}/${required}" ] || return 1
  done
  return 0
}
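#######################################
# Create a new self-signed CA under ${CONFDIR}/CA.
# Writes config.tpl (the request/extension template that generate_cert
# reuses) only if it does not exist yet, then generates the CA key, a
# request and the self-signed CA certificate.  Refuses to run when a CA
# is already present.
# Globals:   CONFDIR, COMMON_NAME, ORG_NAME, DAYS, TMPFILE (read)
# Outputs:   progress messages on stdout
# Returns:   0 on success; exits 1 on any failure
#######################################
setup_ca() {
  local ca_dir="${CONFDIR}/CA"
  local cfg="${TMPFILE}.cfg"
  local cn_esc org_esc

  if check_ca; then
    echo "Existing CA found in \"${ca_dir}\""
    echo "(Use \"gentls_cert remove\" to delete)"
    exit 1
  fi

  echo "Creating new CA..."

  if [ ! -d "${ca_dir}" ]; then
    mkdir -p -m 750 "${ca_dir}" || exit 1
  fi

  # The template is written once and then left alone, so local edits to
  # it survive later runs.  %CN%, %ORG% and %ALTNAME% are filled in by sed
  # below and by generate_cert.
  if [ ! -e "${ca_dir}/config.tpl" ]; then
    cat > "${ca_dir}/config.tpl" <<'EOF' || exit 1
[ req ]
default_bits = 2048
prompt = no
distinguished_name = req_dn

[ req_dn ]
commonName = %CN%
organizationName = %ORG%

[ ext ]
basicConstraints=CA:FALSE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
subjectAltName=%ALTNAME%
EOF
  fi

  # Escape the characters that are special in a sed replacement ('|' is
  # the delimiter used below) so an unusual CN or organisation cannot
  # corrupt the generated config.
  cn_esc=$(printf '%s' "${COMMON_NAME}" | sed 's/[|&\\]/\\&/g')
  org_esc=$(printf '%s' "${ORG_NAME}" | sed 's/[|&\\]/\\&/g')

  # CA config: fill in CN/O, drop the SAN line, and mark it as a CA.
  sed \
    -e "s|%CN%|${cn_esc}|" \
    -e "s|%ORG%|${org_esc}|" \
    -e "/%ALTNAME%/d" \
    -e "s|CA:FALSE|CA:TRUE|" \
    "${ca_dir}/config.tpl" > "${cfg}" || exit 1

  # 2048-bit RSA and SHA-256: 1024-bit keys and SHA-1 signatures are
  # rejected by current TLS clients.  -nodes stores the key unencrypted
  # (no passphrase prompt); it is protected by the umask/dir mode only.
  if ! openssl req -new -out "${ca_dir}/careq.pem" \
      -newkey rsa:2048 -keyout "${ca_dir}/cakey.pem" \
      -config "${cfg}" -nodes -sha256 >/dev/null; then
    rm -f -- "${cfg}"
    exit 1
  fi

  if ! openssl x509 -req -signkey "${ca_dir}/cakey.pem" -in "${ca_dir}/careq.pem" \
      -out "${ca_dir}/cacert.pem" -extfile "${cfg}" \
      -extensions ext -days "${DAYS}" -sha256 >/dev/null; then
    rm -f -- "${cfg}"
    exit 1
  fi

  rm -f -- "${cfg}"

  echo "DONE"
}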
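#######################################
# Issue a certificate signed by the CA under ${CONFDIR}/CA.
# Writes the new certificate followed by its private key to
# ${CONFDIR}/${OUTFILE} (overwriting an existing file) and a copy of the
# CA certificate to ${CONFDIR}/cafile.pem.  Asks for confirmation first.
# Globals:   CONFDIR, COMMON_NAME, ALT_NAME, ORG_NAME, OUTFILE, DAYS,
#            TMPFILE (read)
# Outputs:   summary and progress messages on stdout; reads one line from
#            stdin for the confirmation prompt
# Returns:   0 on success, 2 if the user declines; exits 1 on failure
#######################################
generate_cert() {
  local val=""
  local ca_dir="${CONFDIR}/CA"
  local cfg="${TMPFILE}.cfg"
  local req="${TMPFILE}.req"
  local key="${TMPFILE}.key"
  local crt="${TMPFILE}.crt"
  local cn_esc alt_esc org_esc

  if ! check_ca; then
    echo "No existing CA found, please create one with \"gentls_cert setup\" first"
    exit 1
  fi

  echo "Generating new certificate..."
  echo
  echo "--------------------------------------------------------"
  echo "CN: \"${COMMON_NAME}\""
  echo "ORG_NAME: \"${ORG_NAME}\""
  echo "ALT_NAME: \"${ALT_NAME}\""
  echo
  echo "Certificate filename \"${OUTFILE}\""
  echo
  echo "[Is this OK? (y/N)]"
  # -r keeps backslashes in the answer literal.
  read -r val
  if [ "${val}" != "y" ] && [ "${val}" != "Y" ]; then
    echo "Aborted"
    return 2
  fi

  # Escape the characters that are special in a sed replacement ('|' is
  # the delimiter used below) so an unusual CN/SAN/organisation cannot
  # corrupt the generated config.
  cn_esc=$(printf '%s' "${COMMON_NAME}" | sed 's/[|&\\]/\\&/g')
  alt_esc=$(printf '%s' "${ALT_NAME}" | sed 's/[|&\\]/\\&/g')
  org_esc=$(printf '%s' "${ORG_NAME}" | sed 's/[|&\\]/\\&/g')

  sed \
    -e "s|%CN%|${cn_esc}|" \
    -e "s|%ALTNAME%|${alt_esc}|" \
    -e "s|%ORG%|${org_esc}|" \
    "${ca_dir}/config.tpl" > "${cfg}" || exit 1

  # 2048-bit RSA and SHA-256: 1024-bit keys and SHA-1 signatures are
  # rejected by current TLS clients.  -nodes: the key is stored
  # unencrypted so the service can load it unattended.
  if ! openssl req -new -out "${req}" \
      -newkey rsa:2048 -keyout "${key}" \
      -config "${cfg}" -nodes -sha256 >/dev/null; then
    rm -f -- "${cfg}" "${req}" "${key}"
    exit 1
  fi

  # -CAcreateserial keeps a serial-number file next to cacert.pem so each
  # issued certificate gets a distinct serial.
  if ! openssl x509 -req -CAkey "${ca_dir}/cakey.pem" -CA "${ca_dir}/cacert.pem" -CAcreateserial \
      -in "${req}" -out "${crt}" -extfile "${cfg}" \
      -extensions ext -days "${DAYS}" -sha256 >/dev/null; then
    rm -f -- "${cfg}" "${req}" "${key}" "${crt}"
    exit 1
  fi

  # Both output files are created under the umask set at the top of the
  # script, so the private key in OUTFILE is not world-readable.
  if ! cat "${ca_dir}/cacert.pem" > "${CONFDIR}/cafile.pem"; then
    rm -f -- "${cfg}" "${req}" "${key}" "${crt}"
    exit 1
  fi
  if ! cat "${crt}" "${key}" > "${CONFDIR}/${OUTFILE}"; then
    rm -f -- "${cfg}" "${req}" "${key}" "${crt}"
    exit 1
  fi

  rm -f -- "${cfg}" "${crt}" "${key}" "${req}"

  echo "DONE"
}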
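#######################################
# Delete ${CONFDIR}/CA together with every file directly inside it.
# Subdirectories and dotfiles are not touched, so rmdir fails (loudly)
# if any are present.
# Globals:   CONFDIR (read; must be set)
# Outputs:   progress messages on stdout
# Returns:   0 (the trailing echo); rmdir reports its own errors
#######################################
remove_ca() {
  # ${CONFDIR:?} aborts instead of expanding to "/CA" when CONFDIR is empty.
  local ca_dir="${CONFDIR:?CONFDIR must be set}/CA"

  echo "Removing CA"

  if [ -d "${ca_dir}" ]; then
    # -f: in an empty directory the glob stays unexpanded and plain rm
    # would complain about a file literally named '*'.
    rm -f -- "${ca_dir}"/*
    rmdir "${ca_dir}"
  fi

  echo "DONE"
}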
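# --- command-line handling ------------------------------------------------
# The first argument selects the command; the remaining "-opt value" pairs
# override the defaults set at the top of the file.

command="$1"
if [ $# -gt 0 ]; then
  shift
fi

# Print the usage text on stdout.
usage() {
  cat <<EOF
$0 <setup|create|remove> [options]

* commands:

setup - Setup new CA
remove - Remove CA
create - Create new certificate (overwriting old!)

* options:

-cn Set common name
-alt Set alternative name (use prefix 'DNS:' or 'URI:')
-org Set organization name
-out Filename for new certificate (create only)
-days Certificate expires in X days (default: 365)

EOF
}

# Print a message on stderr and exit with status 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Every option takes exactly one value; an option given without its value
# or an unknown option is an error rather than being silently ignored.
while [ $# -gt 0 ]; do
  case "$1" in
    -cn)
      [ $# -ge 2 ] || die "Option $1 requires an argument"
      COMMON_NAME="$2"
      shift
      ;;
    -alt)
      [ $# -ge 2 ] || die "Option $1 requires an argument"
      ALT_NAME="$2"
      shift
      ;;
    -org)
      [ $# -ge 2 ] || die "Option $1 requires an argument"
      ORG_NAME="$2"
      shift
      ;;
    -out)
      [ $# -ge 2 ] || die "Option $1 requires an argument"
      OUTFILE="$2"
      shift
      ;;
    -days)
      [ $# -ge 2 ] || die "Option $1 requires an argument"
      # The value is handed straight to "openssl -days"; accept digits only.
      case "$2" in
        ''|*[!0-9]*) die "Option -days expects a number of days, got \"$2\"" ;;
      esac
      DAYS="$2"
      shift
      ;;
    *)
      usage >&2
      die "Unknown option \"$1\""
      ;;
  esac
  shift
done

case "${command}" in
  setup)
    setup_ca
    ;;
  create)
    generate_cert
    ;;
  remove)
    echo "Are you sure you want to delete the CA? [YES to delete]"
    # -r keeps the answer literal; only an exact "YES" proceeds.
    read -r val
    if [ "${val}" = "YES" ]; then
      remove_ca
    else
      echo "Not deleting CA"
    fi
    ;;
  *)
    usage
    exit 1
    ;;
esac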