PKI production ready

pki/CA.sh

@@ -40,7 +40,7 @@ fi
 
 usage()
 {
-    echo "Usage: $0 (-newca|-newserver|-revokeserver|-newclient NAME|-revoke NAME|-gencrl)"
+    echo "Usage: $0 (-newca|-newserver IP/URL|-revokeserver|-newclient NAME|-revoke NAME|-gencrl)"
     exit 1
 }
 
@@ -123,12 +123,19 @@ case $1 in
         ;;
 
     "-newserver" )
+	if [ $# -lt 2 ]; then
+	   echo "Give as first argument the production IP or the domain that this certificat will cover."
+	   echo "eg.: $0 -newserver 10.42.23.69"
+	   echo "     $0 -newserver fic.srs.epita.fr"
+	   exit 1
+	fi
+
         echo $ECHO_OPTS "${GREEN}Making the Server key and cert${COLOR_RST}"
         if ! [ -f ${CAKEY} ]; then
             echo $ECHO_OPTS "${RED}Can not found the CA's key${COLOR_RST}"
             exit 2
         fi
-        sed -i 's/=.*#COMMONNAME/=10.226.3.70#COMMONNAME/' $OPENSSL_CONF
+        sed -i "s/=.*#COMMONNAME/=$2#COMMONNAME/" $OPENSSL_CONF
         if ! openssl req -batch -new -keyout ${SRVKEY} -out ${SRVREQ} \
                      -days ${DAYS} -config ${OPENSSL_CONF} -extensions SERVER_SSL > $OUTPUT 2>&1
 	then

pki/Dockerfile

@@ -21,7 +21,9 @@ VOLUME ["/var/www/fic-server/PKI"]
 
 WORKDIR /var/www/fic-server/pki
 
-CMD bash ./CA.sh -newca && \
+ENTRYPOINT bash ./CA.sh -newca && \
-    bash ./CA.sh -newserver && \
+    	   bash ./CA.sh -newserver "$1" && \
-    openssl dhparam -check -5 4096 -out /var/www/fic-server/shared/params.4096 && \
+    	   openssl dhparam -check -5 4096 -out /var/www/fic-server/shared/params.4096 && \
-    bash ./CA.sh -gencrl
+    	   bash ./CA.sh -gencrl
+
+CMD 127.0.0.1