Using flock for SSL key generation
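#!/bin/bash
# Derive a per-host certificate subject from eth0's MAC address and export the
# file names that gencsr works on.
set -eu
set -o pipefail

# Key material is written relative to the current working directory under
# fixed names; run this from a directory that only the owning user can write.
MY_CRT=temp.crt
MY_KEY=temp.key
MY_CSR=temp.csr

# MAC address of eth0 with the colons stripped. Under `set -e` the script
# stops here if the interface file cannot be read.
CLIENTID=$(sed -e 's/://g' /sys/class/net/eth0/address)
SUBJECT="/C=XX/ST=TESTING/L=Testing/O=Test Inc/OU=Test Dept/CN=$CLIENTID"
# Quoted printf prints the subject verbatim: no word splitting or glob
# expansion is applied to the value.
printf '%s\n' "$SUBJECT"

# gencsr is run in a child bash, so it reads these from the environment.
export SUBJECT MY_CRT MY_KEY MY_CSR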
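#######################################
# Make sure a usable private key and a CSR signed by that key exist.
# Globals:   MY_KEY, MY_CSR, MY_CRT (file paths, read), SUBJECT (read)
# Outputs:   nothing; all openssl output is discarded
# Returns:   non-zero if key generation or CSR creation fails
#######################################
gencsr() {
  # A missing or unparsable key invalidates everything derived from it.
  if ! openssl pkey -noout -in "$MY_KEY" &>/dev/null; then
    rm -f -- "$MY_KEY" "$MY_CRT" "$MY_CSR"
    # Create the private key under a restrictive umask so the file is
    # owner-only (0600) even if this openssl build honours the caller's umask.
    (umask 077 && openssl genrsa -out "$MY_KEY" 2048 &>/dev/null) || return 1
  fi

  # Validate that the CSR is well-formed and was signed by this key.
  # NOTE(review): some OpenSSL releases appear to report a failed -verify on
  # stderr while still exiting 0 - confirm on the target version that the
  # exit status really reflects a key/CSR mismatch.
  if ! openssl req -noout -verify -in "$MY_CSR" -key "$MY_KEY" &>/dev/null; then
    rm -f -- "$MY_CSR" "$MY_CRT"
    openssl req -sha256 -utf8 -new -key "$MY_KEY" -out "$MY_CSR" \
      -subj "$SUBJECT" &>/dev/null || return 1
  fi
}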
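# Export the function so the bash child started under the lock can call it.
export -f gencsr
# Take the lock on a dedicated lock file rather than on the key itself.
# gencsr may delete and recreate $MY_KEY; a lock held on the key file would
# then refer to the unlinked inode, and a second invocation could lock the
# newly created file and run key generation concurrently.
# -x: exclusive lock; -n: fail immediately instead of waiting if it is held.
flock -xn "${MY_KEY}.lock" -c '/bin/bash -c gencsr'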
wow thats nice
many thanks
such ssl 😄