Created
April 20, 2017 19:47
gencert.sh V2
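#!/bin/sh
# gencert.sh - generate a self-signed HTTPS certificate for the router.
#
# Copies /etc/openssl.cnf to a scratch config, appends the subject CN(s) and
# a subjectAltName list built from nvram settings, then writes key.pem,
# cert.pem and server.pem (key followed by cert) into /etc.
#
# Review notes:
#  - nvram values are written into the OpenSSL config verbatim; nothing here
#    validates them as hostnames or addresses.
#  - The certificate is self-signed, RSA 2048 / SHA-256, valid 3653 days.

SECS=1262278080  # not referenced anywhere in this script; kept as in the original

CONF=/etc/openssl.config

# The CN lists are split on whitespace on purpose. Turn globbing off so that
# a value such as "*.example.com" is never expanded against files in /etc.
set -f

# Append one line to the scratch config. printf avoids echo's handling of
# backslashes and of values that start with "-".
add_line() {
  printf '%s\n' "$1" >> "$CONF"
}

# Report an error, remove the scratch config and stop with a non-zero status.
fail() {
  printf 'gencert: %s\n' "$1" >&2
  rm -f "$CONF"
  exit 1
}

cd /etc || fail "cannot cd to /etc"
cp -L openssl.cnf "$CONF" || fail "cannot copy openssl.cnf"

LANCN=$(nvram get https_crt_cn)
LANIP=$(nvram get lan_ipaddr)

# Subject: one commonName entry per user-supplied name, else the LAN IP.
# NOTE(review): these lines land in whichever section ends the stock
# openssl.cnf - presumably the req distinguished-name section; confirm.
if [ -n "$LANCN" ]; then
  I=0
  for CN in $LANCN; do
    add_line "$I.commonName=CN"
    add_line "$I.commonName_value=$CN"
    I=$((I + 1))
  done
else
  add_line "0.commonName=CN"
  add_line "0.commonName_value=$LANIP"
fi

I=0
# Start of SAN extensions
add_line "[ CA_default ]"
add_line "copy_extensions = copy"
add_line "[ v3_ca ]"
add_line "subjectAltName = @alt_names"
add_line "[ v3_req ]"
add_line "subjectAltName = @alt_names"
add_line "[alt_names]"

# IP
add_line "IP.0 = $LANIP"

# DUT
add_line "DNS.$I = router.asus.com"
I=$((I + 1))

# User-defined CN. The original tested $NVCN, which this script never
# assigns, so user-supplied names never reached the SAN list. Honour NVCN if
# the caller exported it, otherwise fall back to the names read into LANCN.
SANCN=${NVCN:-$LANCN}
if [ -n "$SANCN" ]; then
  for CN in $SANCN; do
    add_line "DNS.$I = $CN"
    I=$((I + 1))
  done
fi

# hostnames
LANDOMAIN=$(nvram get lan_domain)
COMPUTERNAME=$(nvram get computer_name)
LANHOSTNAME=$(nvram get lan_hostname)

if [ -n "$COMPUTERNAME" ]; then
  add_line "DNS.$I = $COMPUTERNAME"
  I=$((I + 1))
  if [ -n "$LANDOMAIN" ]; then
    add_line "DNS.$I = $COMPUTERNAME.$LANDOMAIN"
    I=$((I + 1))
  fi
fi

if [ -n "$LANHOSTNAME" ]; then
  add_line "DNS.$I = $LANHOSTNAME"
  I=$((I + 1))
  if [ -n "$LANDOMAIN" ]; then
    add_line "DNS.$I = $LANHOSTNAME.$LANDOMAIN"
    I=$((I + 1))
  fi
fi

# DDNS
DDNSHOSTNAME=$(nvram get ddns_hostname_x)
DDNSSERVER=$(nvram get ddns_server_x)
DDNSUSER=$(nvram get ddns_username_x)

# POSIX test uses "=" (not "==") and the -a connective is obsolescent, so the
# three conditions are chained with && instead.
if [ "$(nvram get ddns_enable_x)" = "1" ] &&
   [ "$DDNSSERVER" != "WWW.DNSOMATIC.COM" ] &&
   [ -n "$DDNSHOSTNAME" ]; then
  if [ "$DDNSSERVER" = "WWW.NAMECHEAP.COM" ] && [ -n "$DDNSUSER" ]; then
    add_line "DNS.$I = $DDNSHOSTNAME.$DDNSUSER"
  else
    add_line "DNS.$I = $DDNSHOSTNAME"
  fi
  I=$((I + 1))
fi

# create the key
# genrsa takes numbits as its final argument and has no -config option, so
# the trailing "-config /etc/openssl.config" of the original is dropped.
# The subshell umask keeps a newly created key file private to its owner.
# NOTE(review): assumes every consumer of key.pem/server.pem runs as the
# owning user (root on this platform) - confirm.
( umask 077; openssl genrsa -out key.pem 2048 ) || fail "key generation failed"

# create certificate request and sign it
RANDFILE=/dev/urandom openssl req -new -x509 -key key.pem -sha256 \
  -out cert.pem -days 3653 -config "$CONF" || fail "certificate generation failed"

#openssl x509 -in /etc/cert.pem -text -noout

# server.pem for WebDav SSL (contains the private key, so same protection)
( umask 077; cat key.pem cert.pem > server.pem ) || fail "cannot write server.pem"

# umask only affects newly created files; tighten pre-existing ones too.
chmod 600 key.pem server.pem

rm -f /tmp/cert.csr "$CONF"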