https-proxy/certgen at master · mth/https-proxy · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
#!/bin/sh -e

MODE="$1"
case "$1" in
	-client) shift
	;;
	-no-dh) shift
	;;
	-sha) shift
	openssl pkcs12 -nodes -clcerts -in "$1" |\
		openssl x509 -outform der | openssl dgst -sha256
	exit 0
	;;
	*) MODE="server"
	;;
esac

if [ "$2" = "" ]; then
	cat <<HELP

certgen [-no-dh] host-name server.pem
certgen -client common-name client.p12
certgen -sha client.p12

For example: ./certgen '*.localnet' ssl.pem

HELP
	exit 1
fi

PNAME="$2"
SUBJ="/O=https proxy/OU=https proxy/CN=$1"

if [ "$MODE" = "-client" ]; then
	PNAME="$2.tmp"
	SUBJ="/CN=$1"
fi

openssl req -newkey rsa:2048 -nodes -keyout "$PNAME" -subj "$SUBJ"\
| openssl x509 -req -signkey "$PNAME" -sha256 -days 3652 >> "$PNAME"

[ "$MODE" != "server" ] || openssl dhparam 2048 >> "$PNAME"

if [ "$MODE" = "-client" ]; then
	openssl pkcs12 -export -in "$PNAME" -inkey "$PNAME"\
		-certfile "$PNAME" -name "$1" -out "$2"
	echo "Certificate sha256 hash"
	openssl x509 -in "$PNAME" -outform der | openssl dgst -sha256
	rm -f "$PNAME"
fi