55 lines
1.4 KiB
Bash
Executable File
55 lines
1.4 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
ECDSA_OPTS="-newkey ec -pkeyopt ec_paramgen_curve:secp384r1 -sha384"
|
|
|
|
|
|
while getopts ":ht:d:n:s:" opt; do
|
|
case $opt in
|
|
h)
|
|
echo "Usage: -t rsa|ec -n <name> -d <days>"
|
|
exit 0
|
|
;;
|
|
t)
|
|
if [[ $OPTARG =~ ^rsa:([0-9]+) ]]; then
|
|
NEWKEY_OPT="-newkey rsa:${BASH_REMATCH[1]} -sha256"
|
|
elif [[ $OPTARG =~ ^ec:([0-9]+) ]]; then
|
|
BITS=${BASH_REMATCH[1]}
|
|
if [[ $BITS -eq 256 ]]; then
|
|
CURVE=prime256v1
|
|
SHA=sha256
|
|
elif [[ $BITS -eq 384 ]]; then
|
|
CURVE=secp384r1
|
|
SHA=sha384
|
|
elif [[ $BITS -eq 512 ]]; then
|
|
CURVE=secp521r1
|
|
SHA=sha512
|
|
else
|
|
echo "Invalid ec bits: ec:$BITS" >&2
|
|
exit 1
|
|
fi
|
|
NEWKEY_OPT="-newkey ec -pkeyopt ec_paramgen_curve:${CURVE} -${SHA}"
|
|
else
|
|
echo "Invalid option: -t $OPTARG" >&2
|
|
exit 1
|
|
fi
|
|
;;
|
|
d)
|
|
DAYS_OPT="-days $OPTARG"
|
|
;;
|
|
n)
|
|
NAME_OPT=(-keyout "$OPTARG".key -out "$OPTARG".crt)
|
|
;;
|
|
s)
|
|
SUBJECT_OPT=(-subj "/C=CN/CN=Root CA/O=$OPTARG")
|
|
;;
|
|
\?)
|
|
echo "Invalid option: -$OPTARG" >&2
|
|
exit 1
|
|
;;
|
|
esac
|
|
done
|
|
|
|
openssl req -x509 -batch $NEWKEY_OPT $DAYS_OPT "${NAME_OPT[@]}" "${SUBJECT_OPT[@]}" -addext "keyUsage=critical,keyCertSign,cRLSign"
|
|
# -addext "subjectKeyIdentifier=hash" \
|
|
# -addext "authorityKeyIdentifier=keyid:always,issuer" \
|
|
# -addext "basicConstraints=critical,CA:true" \ |