PKI production ready
parent
f8a6bc40a7
commit
699af46e01
11
pki/CA.sh
11
pki/CA.sh
@ -40,7 +40,7 @@ fi
|
||||
|
||||
usage()
|
||||
{
|
||||
echo "Usage: $0 (-newca|-newserver|-revokeserver|-newclient NAME|-revoke NAME|-gencrl)"
|
||||
echo "Usage: $0 (-newca|-newserver IP/URL|-revokeserver|-newclient NAME|-revoke NAME|-gencrl)"
|
||||
exit 1
|
||||
}
|
||||
|
||||
@ -123,12 +123,19 @@ case $1 in
|
||||
;;
|
||||
|
||||
"-newserver" )
|
||||
if [ $# -lt 2 ]; then
|
||||
echo "Give as first argument the production IP or the domain that this certificat will cover."
|
||||
echo "eg.: $0 -newserver 10.42.23.69"
|
||||
echo " $0 -newserver fic.srs.epita.fr"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo $ECHO_OPTS "${GREEN}Making the Server key and cert${COLOR_RST}"
|
||||
if ! [ -f ${CAKEY} ]; then
|
||||
echo $ECHO_OPTS "${RED}Can not found the CA's key${COLOR_RST}"
|
||||
exit 2
|
||||
fi
|
||||
sed -i 's/=.*#COMMONNAME/=10.226.3.70#COMMONNAME/' $OPENSSL_CONF
|
||||
sed -i "s/=.*#COMMONNAME/=$2#COMMONNAME/" $OPENSSL_CONF
|
||||
if ! openssl req -batch -new -keyout ${SRVKEY} -out ${SRVREQ} \
|
||||
-days ${DAYS} -config ${OPENSSL_CONF} -extensions SERVER_SSL > $OUTPUT 2>&1
|
||||
then
|
||||
|
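Review bot: The new `sed -i "s/=.*#COMMONNAME/=$2#COMMONNAME/" $OPENSSL_CONF` line in the `-newserver` branch splices the caller's argument into a sed program with no validation. A value containing `/` (which the new "IP/URL" usage text invites), `&` or a newline either breaks the substitution or writes something other than the intended name into the config that drives certificate issuance. The `[ $# -lt 2 ]` guard also lets an empty string through, which would produce an empty common name. Reject anything that is not a plain host name or IP literal before the sed call, for example `case "$2" in ""|*[!A-Za-z0-9.:-]*) usage ;; esac`, and quote `"$OPENSSL_CONF"`. The `if ! openssl req …; then` block continues outside the hunk, so how a failed request is handled is not visible here.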
@ -21,7 +21,9 @@ VOLUME ["/var/www/fic-server/PKI"]
|
||||
|
||||
WORKDIR /var/www/fic-server/pki
|
||||
|
||||
CMD bash ./CA.sh -newca && \
|
||||
bash ./CA.sh -newserver && \
|
||||
openssl dhparam -check -5 4096 -out /var/www/fic-server/shared/params.4096 && \
|
||||
bash ./CA.sh -gencrl
|
||||
ENTRYPOINT bash ./CA.sh -newca && \
|
||||
bash ./CA.sh -newserver "$1" && \
|
||||
openssl dhparam -check -5 4096 -out /var/www/fic-server/shared/params.4096 && \
|
||||
bash ./CA.sh -gencrl
|
||||
|
||||
CMD 127.0.0.1
|
||||
|
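Review bot: The shell-form `ENTRYPOINT bash ./CA.sh -newca && \ …` never receives the `CMD 127.0.0.1` default or any `docker run` argument, because Docker runs a shell-form entrypoint as `/bin/sh -c "<string>"` and ignores CMD. `"$1"` therefore expands to the empty string, which still satisfies the `$# -lt 2` check in CA.sh, so the container would issue a server certificate with an empty common name whatever the operator passes. Use the exec form with an explicit `sh -c` and a `--` placeholder for `$0`, and give CMD in exec form too, so the argument really arrives as `$1`. It is also worth deciding whether a loopback default belongs in an image labelled production ready, or whether a missing name should fail the run instead.

```dockerfile
# … unchanged: VOLUME and WORKDIR …
ENTRYPOINT ["/bin/sh", "-c", "bash ./CA.sh -newca && bash ./CA.sh -newserver \"$1\" && openssl dhparam -check -5 4096 -out /var/www/fic-server/shared/params.4096 && bash ./CA.sh -gencrl", "--"]

# Exec form is required: a shell-form CMD would be passed as /bin/sh -c 127.0.0.1,
# making "$1" the string "/bin/sh".
CMD ["127.0.0.1"]
```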