generateCerts.sh
#######################################
# Explain why the certificates are generated.
# Arguments: none
# Outputs:   two paragraphs of help text on stdout
#######################################
description() {
  # %b expands the \n escapes in the argument, as echo -e does.
  printf '%b\n' "\nGenerate ssl certificates for better communication Between server\nand the client\n"
  printf '%b\n' "This is necessary because the python proxy server running on AWS expects\na secure communication, for that, all the calls that will be made to the\npython proxy server will be carried forward with HTTPs along with TLS."
}
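#######################################
# Print the command-line usage, then the tool description.
# Arguments: none
# Outputs:   usage text on stdout (description() prints the final part)
#######################################
function commandUsage() {
  echo -e "Usage: generatecerts <SERVER|CLIENT>\n"
  echo -e "[CLI Arguments]"
  echo -e "SERVER: Generate certs for server, this command with \"server\" argument\nshould be run on AWS/GCP or wherever you've access to.\nAll Files will be saved with prefix \"server\" under \"certs/\" dir., for example: server.crt"
  # The example file name is client.crt, matching what generate_certs writes
  # (the message previously said client.srt).
  echo -e "\nCLIENT: Generate certs for client, this command with \"client\" argument\nshould be run on local machines.\nFiles will be saved with prefix \"client\" under \"certs/\" dir., for example: client.crt"
  description
}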
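#######################################
# Report the outcome of a step in colour and hand its status back.
# Arguments: $1 - exit status of the step that just ran
#            $2 - message describing the step
# Outputs:   green message on stdout when $1 is 0;
#            red error message on stderr otherwise
# Returns:   0 on success, otherwise $1, so a caller can stop instead of
#            continuing with a missing key or certificate
#######################################
function checkExitStatus() {
  # Colour codes are local so they do not leak into the caller's globals.
  local -r red="\033[0;31m"
  local -r green="\033[0;32m"
  local -r nc="\033[0m"
  local -r rc=$1
  local -r message=$2

  if [ "$rc" -eq 0 ]; then
    echo -e "${green}${message}\n${nc}"
    sleep 0.5
    return 0
  fi

  echo -e "${red}Error in \"${message}\" process${nc}" >&2
  return "$rc"
}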
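#######################################
# Download server.crt from a remote host into ./certs/ with scp.
# Prompts for the host address, the remote directory holding server.crt
# and the .pem identity file.
# Arguments: none (all values are read from stdin)
# Outputs:   result message on stdout (success) or stderr (failure)
# Returns:   0 when scp succeeded, scp's exit status otherwise
#######################################
function getFileFromHost() {
  local host_address file_location pem_file rc

  # -r keeps backslashes in paths literal.
  read -r -p "Enter the host address (Ex. AWS/GCP) : " host_address
  # directory on the host that contains server.crt
  read -r -p "Enter the file location : " file_location
  read -r -p "Enter the location of .pem credentials : " pem_file

  # "--" stops option parsing, so a host address starting with "-" cannot be
  # read by scp as an option.
  # NOTE(review): the downloaded certificate is later installed as trusted,
  # so its authenticity rests on SSH host-key verification of this
  # connection; confirm the certificate fingerprint out of band.
  scp -i "$pem_file" -- "${host_address}:${file_location}/server.crt" "./certs/"
  rc=$?
  if [ "$rc" -ne 0 ]; then
    echo -e "Something went wrong\nRe-check the provided inputs" >&2
    return "$rc"
  fi
  echo -e "\"server.crt\" is present under certs/"
}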
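#######################################
# Create a private key, a CSR and a self-signed certificate under certs/,
# named after $1. For "client", additionally install the server's
# certificate into /etc/ssl/certs and refresh the system trust store.
# Arguments: $1 - file prefix, "server" or "client" (lowercase)
# Outputs:   progress messages on stdout, errors on stderr
# Returns:   0 on success; non-zero as soon as a step fails, so that no
#            later step runs on a missing key, CSR or certificate
#######################################
function generate_certs() {
  local name=$1
  local rc user_choice fileLocation

  # All artefacts live in certs/.
  mkdir -p "certs" || return

  # Private key: written straight into certs/ under a restrictive umask and
  # then forced to 0600, so it never exists in the working directory with
  # default (possibly world-readable) permissions.
  (umask 077 && openssl genrsa -out "certs/${name}.key" 2048)
  rc=$?
  checkExitStatus "$rc" "Key Generated Successfully"
  [ "$rc" -eq 0 ] || return "$rc"
  chmod 600 "certs/${name}.key" || return

  # CSR (certificate signing request); openssl prompts for the subject.
  openssl req -new -key "certs/${name}.key" -out "certs/${name}.csr"
  rc=$?
  checkExitStatus "$rc" "CSR Generated Successfully"
  [ "$rc" -eq 0 ] || return "$rc"

  # Self-signed certificate (signed with its own key).
  # NOTE(review): no -days is passed, so openssl's default validity applies
  # (30 days for "x509 -req"), and no subjectAltName is added; confirm that
  # the TLS clients in use accept such a certificate.
  openssl x509 -req -in "certs/${name}.csr" -signkey "certs/${name}.key" \
    -out "certs/${name}.crt"
  rc=$?
  checkExitStatus "$rc" "Certificate Generated Successfully"
  [ "$rc" -eq 0 ] || return "$rc"

  # Only the client installs the server certificate.
  [ "$name" == "client" ] || return 0

  read -r -p "server.crt on present (local / cloud ) : " user_choice
  user_choice=$(printf '%s' "$user_choice" | tr "[:upper:]" "[:lower:]")
  fileLocation="./certs/server.crt"
  if [ "$user_choice" == "cloud" ]; then
    getFileFromHost || return
  else
    read -r -p "Enter server.crt location : " fileLocation
    # Accept the directory holding server.crt as well as the file itself.
    if [ -d "$fileLocation" ]; then
      fileLocation="${fileLocation%/}/server.crt"
    fi
  fi

  # Installing a file here makes TLS clients that use the system store trust
  # it, so refuse anything that does not parse as an X.509 certificate.
  if ! openssl x509 -in "$fileLocation" -noout > /dev/null 2>&1; then
    echo "\"$fileLocation\" is not a readable certificate, nothing installed" >&2
    return 1
  fi

  echo -e "Copying server.crt to /etc/ssl/certs\n"
  # install (instead of mv) creates a root-owned 0644 file; a moved file
  # would keep the invoking user's ownership inside the trust directory and
  # could later be replaced without root.
  # NOTE(review): update-ca-certificates normally collects local anchors from
  # /usr/local/share/ca-certificates and update-ca-trust from
  # /etc/pki/ca-trust/source/anchors; confirm /etc/ssl/certs is the intended
  # destination.
  sudo install -m 0644 -- "$fileLocation" "/etc/ssl/certs/server.crt" || return

  # Refresh the trust store; fall back to the ca-trust tool when the
  # ca-certificates tool is missing or fails, and report a real failure.
  if sudo update-ca-certificates > /dev/null 2>&1; then
    echo "COMPLETED [ca-certificates]"
  elif sudo update-ca-trust > /dev/null 2>&1; then
    echo "COMPLETED [ca-trust]"
  else
    echo "Could not update the system trust store" >&2
    return 1
  fi
}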
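# Entry point: exactly one argument is expected, SERVER or CLIENT in any
# letter case.
if [ "$#" -ne 1 ]; then
  commandUsage
else
  # Normalise to lowercase; printf avoids echo treating the value as an option.
  arg=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  case "$arg" in
    server | client)
      # Pass the normalised value: the files are then named server.* /
      # client.* as the usage text promises, and "CLIENT" also reaches the
      # client-only step that installs server.crt.
      generate_certs "$arg"
      ;;
    *)
      echo "Wrong argument supplied"
      ;;
  esac
fi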